Below is a patch for:
http://bugs.meego.com/show_bug.cgi?id=10302
This crash is seen for the ConnMan WiFi plugin.
When WiFi device driver is removed, wifi_remove is called which will free the
wifi_data structure. But this wifi_data structure is still associated to the
GSupplicantInterface. Now for all the signal notifications, gsupplicant will
invoke the callbacks registered by WiFi plugin. These callbacks still reference
the wifi_data structuce which is already freed and hence the crash.
In wifi_remove setting the GSupplicantInterface's wifi_data to NULL will fix
this issue.
Patch:
---
plugins/wifi.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index e3247a1..eacace4 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -163,6 +163,8 @@ static void wifi_remove(struct connman_device *device)
connman_device_unref(wifi->device);
connman_rtnl_remove_watch(wifi->watch);
+ g_supplicant_interface_set_data(wifi->interface, NULL);
+
g_free(wifi->identifier);
g_free(wifi);
}
--
1.7.2.2
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman
