If metadata is same, it should not be freed as it may be stream's own. Fixes: ERROR: AddressSanitizer: heap-use-after-free READ of size 8 at 0x7b86a76f5d18 thread T0 #0 0x000000836745 in util_iov_dup src/shared/util.c:353 #1 0x0000008ea96b in bap_stream_metadata src/shared/bap.c:1991 #2 0x0000008ebfbe in bap_ucast_enable src/shared/bap.c:2072 #3 0x0000009226e7 in bt_bap_stream_enable src/shared/bap.c:6392 #4 0x00000044037d in transport_bap_resume profiles/audio/transport.c:1981 freed by thread T0 here: #0 0x7f66a92e5bcb in free.part.0 (/lib64/libasan.so.8+0xe5bcb) #1 0x000000837002 in util_iov_free src/shared/util.c:392 #2 0x0000008ea94e in bap_stream_metadata src/shared/bap.c:1990 #3 0x0000008ebfbe in bap_ucast_enable src/shared/bap.c:2072
---
 src/shared/bap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/bap.c b/src/shared/bap.c
index 8d1c69d47..070f4fc05 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -1986,7 +1986,7 @@ static unsigned int bap_stream_metadata(struct bt_bap_stream *stream,
 iov[0].iov_base = &meta;
 iov[0].iov_len = sizeof(meta);
- if (data) {
+ if (data && util_iov_memcmp(stream->meta, data)) {
 util_iov_free(stream->meta, 1);
 stream->meta = util_iov_dup(data, 1);
 }
-- 2.49.0
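Review bot: The new guard in bap_stream_metadata avoids the use-after-free only indirectly: when `data` is `stream->meta` itself the contents compare equal and the block is skipped, but the block still frees the old buffer before duplicating the new one. Duplicating first would make the pair safe regardless of the comparison, e.g. `struct iovec *copy = util_iov_dup(data, 1);` then `util_iov_free(stream->meta, 1);` and `stream->meta = copy;`. At minimum, a comment such as `/* data may be stream->meta itself; only replace when contents differ */` would record why the comparison is there. util_iov_memcmp is not shown on this page, so it is worth confirming that it tolerates a NULL `stream->meta`, presumably the state on the first call before any metadata is stored. The function starts and ends outside the hunk.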