From 1d964be81b0081d2ccdbf5c9a875672f447b5977 Mon Sep 17 00:00:00 2001
From: Konstantin Marchenko
Date: Fri, 9 Dec 2016 18:58:35 +0300
Subject: LE/Android: fix crash when destroying DiscoveryAgent during scan happens due to accessing already destroyed receiver from the queued call
Change-Id: Ibc4a9abbb8c00ef9c8985f481b70db36fa508df8
Reviewed-by: Alex Blasche
---
 src/bluetooth/android/jni_android.cpp | 3 +++
 src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp | 3 +++
 2 files changed, 6 insertions(+)
(limited to 'src')
diff --git a/src/bluetooth/android/jni_android.cpp b/src/bluetooth/android/jni_android.cpp
index 176416c8..0688c869 100644
--- a/src/bluetooth/android/jni_android.cpp
+++ b/src/bluetooth/android/jni_android.cpp
@@ -193,6 +193,9 @@ static void QtBluetoothInputStreamThread_readyData(JNIEnv */*env*/, jobject /*ja
 void QtBluetoothLE_leScanResult(JNIEnv *env, jobject, jlong qtObject, jobject bluetoothDevice, jint rssi, jbyteArray scanRecord) {
+ if (Q_UNLIKELY(qtObject == 0))
+ return;
+
 reinterpret_cast(qtObject)->onReceiveLeScan( env, bluetoothDevice, rssi, scanRecord);
diff --git a/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp b/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
index 6369cedb..443be14d 100644
--- a/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
+++ b/src/bluetooth/qbluetoothdevicediscoveryagent_android.cpp
@@ -88,6 +88,9 @@ QBluetoothDeviceDiscoveryAgentPrivate::~QBluetoothDeviceDiscoveryAgentPrivate()
 if (m_active != NoScanActive) stop();
+ if (leScanner.isValid())
+ leScanner.setField("qtObject", reinterpret_cast(nullptr));
+
 if (receiver) {
 receiver->unregisterReceiver();
 delete receiver;
--
cgit v1.2.3
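Review bot: The `qtObject == 0` guard in QtBluetoothLE_leScanResult only drops callbacks that read the Java field after the destructor cleared it; a callback that already loaded a non-zero value still reaches the cast and can call `onReceiveLeScan` on a deleted object, because nothing visible orders the check against `delete receiver` in the ~QBluetoothDeviceDiscoveryAgentPrivate() hunk. If the scan callback runs on a different thread from the destructor (not visible in this diff), the use-after-free window is narrowed rather than closed, and the cleared field also needs a visibility guarantee on the Java side (`volatile` or a shared lock). Consider validating the handle under a lock that the destructor also takes, or passing an opaque id that is looked up in a registry instead of a raw pointer. At minimum, add a comment above the guard such as `// qtObject is zeroed by the agent's destructor; drop results that arrive afterwards`. The function's closing brace lies outside the hunk.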
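Review bot: The reason the `qtObject` field has to be cleared before `delete receiver` is not recorded in the destructor, so a later reordering of these statements would silently reintroduce the crash. Add a comment above the new lines, for example `// Clear the Java-side back-pointer first so queued leScanResult() calls return early instead of touching the deleted receiver`. The destructor body starts and ends outside the hunk, so whether any other Java object keeps a copy of the same pointer cannot be checked from here.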