Fix Linux bluetooth service discovery crash with multiple services

The application code may call stop() for the service discovery agent
when it has detected the service-of-interest.

The crash occurs because the stop() will clear the list of discovered
devices, but the service discovery result handling loop may still be in
the middle of processing the services. If the loop accesses
the by-now cleared device list on its next iteration, it will cause a
list access violation assert.

Fixes: QTBUG-100894
Change-Id: Ica300cd8461543b533800ca06551b21d9b256613
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
(cherry picked from commit 2de33f78ec374ce6963b9c1715e4942c8cf70bb0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
index 4493b7a4..6d884cc8 100644
--- a/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
+++ b/src/bluetooth/qbluetoothservicediscoveryagent_bluez.cpp
@@ -337,8 +337,10 @@ void QBluetoothServiceDiscoveryAgentPrivate::_q_finishSdpScan(QBluetoothServiceD
                 qCDebug(QT_BT_BLUEZ) << "Discovered services" << discoveredDevices.at(0).address().toString()
                                      << serviceInfo.serviceName() << serviceInfo.serviceUuid()
                                      << ">>>" << serviceInfo.serviceClassUuids();
-
-                emit q->serviceDiscovered(serviceInfo);
+                // Use queued connection to allow us finish the service looping; the application
+                // might call stop() when it has detected the service-of-interest.
+                QMetaObject::invokeMethod(q, "serviceDiscovered", Qt::QueuedConnection,
+                                          Q_ARG(QBluetoothServiceInfo, serviceInfo));
             }
         }
     }