LE/Android: fix crash when destroying DiscoveryAgent during scan

happens due to accessing already destroyed receiver from the queued call

Change-Id: Ibc4a9abbb8c00ef9c8985f481b70db36fa508df8
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>

2 files changed, 6 insertions, 0 deletions

diff --git a/src/bluetooth/android/jni_android.cpp b/src/bluetooth/android/jni_android.cpp
index 176416c8..0688c869 100644
--- a/src/bluetooth/android/jni_android.cpp
+++ b/src/bluetooth/android/jni_android.cpp
@@ -193,6 +193,9 @@ static void QtBluetoothInputStreamThread_readyData(JNIEnv */*env*/, jobject /*ja
 void QtBluetoothLE_leScanResult(JNIEnv *env, jobject, jlong qtObject, jobject bluetoothDevice,
                                 jint rssi, jbyteArray scanRecord)
 {
+    if (Q_UNLIKELY(qtObject == 0))
+        return;
+
     reinterpret_cast<AndroidBroadcastReceiver*>(qtObject)->onReceiveLeScan(
                                                                 env, bluetoothDevice, rssi,
                                                                 scanRecord);
diff --git a/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp b/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
index 6369cedb..443be14d 100644
--- a/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
+++ b/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
@@ -88,6 +88,9 @@ QBluetoothDeviceDiscoveryAgentPrivate::~QBluetoothDeviceDiscoveryAgentPrivate()
     if (m_active != NoScanActive)
         stop();
 
+    if (leScanner.isValid())
+        leScanner.setField<jlong>("qtObject", reinterpret_cast<jlong>(nullptr));
+
     if (receiver) {
         receiver->unregisterReceiver();
         delete receiver;