When the bss to which best_bss points to is removed, the pointer also
needs to be reassigned, or reference to already deallocated memory may
happen later on.
---
gsupplicant/supplicant.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index c6342d5..534944b 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -1824,7 +1824,7 @@ static void update_signal(gpointer key, gpointer value,
static void update_network_signal(GSupplicantNetwork *network)
{
- if (g_hash_table_size(network->bss_table) <= 1)
+ if (g_hash_table_size(network->bss_table) <= 1 && network->best_bss)
return;
g_hash_table_foreach(network->bss_table,
@@ -1837,6 +1837,7 @@ static void interface_bss_removed(DBusMessageIter *iter,
void *user_data)
{
GSupplicantInterface *interface = user_data;
GSupplicantNetwork *network;
+ struct g_supplicant_bss *bss = NULL;
const char *path = NULL;
dbus_message_iter_get_basic(iter, &path);
@@ -1847,6 +1848,12 @@ static void interface_bss_removed(DBusMessageIter *iter,
void *user_data)
if (!network)
return;
+ bss = g_hash_table_lookup(network->bss_table, path);
+ if (network->best_bss == bss) {
+ network->best_bss = NULL;
+ network->signal = 0;
+ }
+
g_hash_table_remove(bss_mapping, path);
g_hash_table_remove(interface->bss_mapping, path);
--
1.8.5.3
_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
