From 6da84eff76f17bbfe5b1fdf0ab3a9bcee36abd19 Mon Sep 17 00:00:00 2001
From: wangmengyang
Date: Fri, 23 Jun 2017 17:26:43 +0800
Subject: [PATCH] component/bt: fix a bug for L2CAP state machine to access lcb after it is released

---
 components/bt/bluedroid/stack/l2cap/l2c_utils.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/components/bt/bluedroid/stack/l2cap/l2c_utils.c b/components/bt/bluedroid/stack/l2cap/l2c_utils.c
index 042387964d..05067c3896 100644
--- a/components/bt/bluedroid/stack/l2cap/l2c_utils.c
+++ b/components/bt/bluedroid/stack/l2cap/l2c_utils.c
@@ -926,6 +926,11 @@ void l2cu_send_peer_disc_rsp (tL2C_LCB *p_lcb, UINT8 remote_id, UINT16 local_cid
 BT_HDR *p_buf;
 UINT8 *p;

+ if (!p_lcb) {
+ L2CAP_TRACE_WARNING("lcb already released\n");
+ return;
+ }
+
 if ((p_buf = l2cu_build_header(p_lcb, L2CAP_DISC_RSP_LEN, L2CAP_CMD_DISC_RSP, remote_id)) == NULL) {
 L2CAP_TRACE_WARNING ("L2CAP - no buffer for disc_rsp");
 return;
@@ -1606,7 +1611,9 @@ void l2cu_release_ccb (tL2C_CCB *p_ccb)
 p_ccb->should_free_rcb = false;
 }

- btm_sec_clr_temp_auth_service (p_lcb->remote_bd_addr);
+ if (p_lcb) {
+ btm_sec_clr_temp_auth_service (p_lcb->remote_bd_addr);
+ }

 /* Stop the timer */
 btu_stop_timer (&p_ccb->timer_entry);
-- 
2.40.0
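Review bot: The new `if (!p_lcb)` guard at the top of l2cu_send_peer_disc_rsp only catches a caller that passes NULL. A caller still holding a non-NULL pointer to an LCB that has since been released (and possibly reused for another link) passes the check, so the access-after-release named in the commit title is closed only on paths where the pointer was also cleared. I would record that contract above the check, e.g. `/* p_lcb is NULL when the link was released before the response could be sent; every release path must clear the caller's pointer */`, and confirm that each release path does so. The warning is also inconsistent with the one a few lines below; `L2CAP_TRACE_WARNING ("L2CAP - disc_rsp dropped, lcb already released");` would keep the module prefix and drop the embedded newline. The function body continues beyond the hunk.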
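Review bot: Skipping `btm_sec_clr_temp_auth_service` when `p_lcb` is NULL in l2cu_release_ccb avoids the dereference, but it also means the temporary authorization for that peer is not cleared on this path, because the peer address is only reached through the LCB here. If a channel can outlive its link, the clear presumably has to happen where the link itself is released, or the address has to be available without the LCB. At minimum a comment such as `/* p_lcb may be NULL if the link was released first; temp auth for the peer must then be cleared on the link release path */` would state the assumption so it can be verified. The rest of l2cu_release_ccb lies outside the hunk, so any later use of `p_lcb` there needs the same guard.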