Usually autoscan is cancelled when the device is disabled, but when
wpa_supplicant leaves D-Bus while device has an ongoing power request,
__connman_device_disable() will return early and thus autoscan timeout
isn't cleared. The timeout callback may then access released memory
when it's activated.
Add stop_autoscan() call to wifi_remove() to make sure there are no
pending timeouts when the autoscan struct is released.
---
plugins/wifi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index c1da04b..ef4dd95 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -293,6 +293,8 @@ static void wifi_remove(struct connman_device *device)
if (!wifi)
return;
+ stop_autoscan(device);
+
iface_list = g_list_remove(iface_list, wifi);
check_p2p_technology();
--
1.8.5.3
_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
