On 14/03/2015 11:07, Stefan Weil wrote: > > This fixes the memory leak, but I still don't understand what is done here. > data is allocated, then filled with values, now it is also deallocated. > But I'm missing the part where all those data is used.
"data" escapes in record->attribute_list[record->attributes].pair. The bug is in bt_l2cap_sdp_close_ch which does an invalid free every time it frees the first sdp->service_list[i].attribute_list->pair (but the qsort could have moved it elsewhere in the list). The right fix is to do a separate malloc for each attribute, instead of a single one. In any case, it seems simpler to just leave this code aside. Paolo
