authorAlex Blasche <alexander.blasche@digia.com>2014-01-21 16:32:45 +0100
committerThe Qt Project <gerrit-noreply@qt-project.org>2014-01-24 10:53:45 +0100
commit0789c35b26b85597a9fb0e03713839643d2feb41 (patch)
treecb547ed0ada62a7da5938b6f2809d36ed50a479a
parent5254e62e1898cffe397ecd0b0c8be43213e5b4e8 (diff)
Fix crash during SDP discovery on Bluez
Stopping the discovery during an ongoing SDP search may cause a crash because discoveredDevices has been cleared although we still access the list later on. Even if list access were no longer required, there is no reason to continue the discovery. Entry guards for the involved slots were added. Additionally, this revealed a memory leak, which has been fixed.

Change-Id: I3fd3c99a82a9d7b61e853a3f9f3877b8ad7f6d41
Reviewed-by: Fabian Bumberger <fbumberger@rim.com>
Reviewed-by: Alex Blasche <alexander.blasche@digia.com>
-rw-r--r--src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp29
1 files changed, 22 insertions, 7 deletions
diff --git a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
index 8e2f73cd..2795a855 100644
--- a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
+++ b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
@@ -108,21 +108,33 @@ void QBluetoothServiceDiscoveryAgentPrivate::start(const QBluetoothAddress &addr
void QBluetoothServiceDiscoveryAgentPrivate::stop()
{
qCDebug(QT_BT_BLUEZ) << Q_FUNC_INFO << "Stop called";
- if(device){
+ if (device) {
+ //we are waiting for _q_discoveredServices() slot to be called
+ // adapter is already 0
QDBusPendingReply<> reply = device->CancelDiscovery();
reply.waitForFinished();
- discoveredDevices.clear();
- setDiscoveryState(Inactive);
- Q_Q(QBluetoothServiceDiscoveryAgent);
- emit q->canceled();
-
- qCDebug(QT_BT_BLUEZ) << "Stop done";
+ device->deleteLater();
+ device = 0;
+ Q_ASSERT(!adapter);
+ } else if (adapter) {
+ //we are waiting for _q_createdDevice() slot to be called
+ adapter->deleteLater();
+ adapter = 0;
+ Q_ASSERT(!device);
}
+
+ discoveredDevices.clear();
+ setDiscoveryState(Inactive);
+ Q_Q(QBluetoothServiceDiscoveryAgent);
+ emit q->canceled();
}
void QBluetoothServiceDiscoveryAgentPrivate::_q_createdDevice(QDBusPendingCallWatcher *watcher)
{
+ if (!adapter)
+ return;
+
Q_Q(QBluetoothServiceDiscoveryAgent);
const QBluetoothAddress &address = watcher->property("_q_BTaddress").value<QBluetoothAddress>();
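Review bot: In `stop()`, the `else if (adapter)` branch depends on `Q_ASSERT(!adapter)` and `Q_ASSERT(!device)` to rule out both pointers being set, but Q_ASSERT compiles to nothing in release builds. If that invariant is ever broken there, `adapter` stays non-null after `discoveredDevices.clear()`, so the new `if (!adapter) return;` guard in `_q_createdDevice()` does not fire and the slot runs against the cleared list again. Releasing both pointers independently avoids trusting the assert: close the first branch with `}` and start the second with a plain `if (adapter) {`, dropping the two asserts. The result of `reply.waitForFinished()` is also never inspected, so a failed CancelDiscovery is silent; a `qCWarning(QT_BT_BLUEZ)` when `reply.isError()` would make it visible. The body of `_q_createdDevice()` continues outside the hunk.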
@@ -176,6 +188,9 @@ void QBluetoothServiceDiscoveryAgentPrivate::_q_createdDevice(QDBusPendingCallWa
void QBluetoothServiceDiscoveryAgentPrivate::_q_discoveredServices(QDBusPendingCallWatcher *watcher)
{
+ if (!device)
+ return;
+
qCDebug(QT_BT_BLUEZ) << Q_FUNC_INFO;
QDBusPendingReply<ServiceMap> reply = *watcher;
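Review bot: The early `return` in `_q_discoveredServices()` leaves `watcher` untouched, and the same holds for the `if (!adapter) return;` guard added to `_q_createdDevice()` in the previous hunk. If these slots are where the watcher is normally released (the rest of both bodies is outside the hunks), every cancelled search leaves a `QDBusPendingCallWatcher` alive until its parent is destroyed; `if (!device) { watcher->deleteLater(); return; }` would cover that. The guard also only tests that some `device` exists, so presumably a late reply from a cancelled search could pass it once a new search has created a fresh `device`. A short comment stating why that cannot happen, or a check tying the watcher to the current request, would make the guard easier to trust.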