• In the daemon, when handling SDP_CLIENT_QUERY_RFCOMM_SERVICES command, a callback (handle_sdp_rfcomm_service_result) is registered with sdp_query_rfcomm_register_callback. But, if the client disconnects during the scan, the connection will be freed, and the callback might try to access it.
• Because currently only one scan at a time is possible (only one context parameter), one possible solution is to store the connection when handling SDP_CLIENT_QUERY_RFCOMM_SERVICES (in a separate global, in the daemon maybe), reset it in the handle_sdp_rfcomm_service_result when the scan is done, and either remove the callback or set the context to NULL (and test it in the callback) when handling DAEMON_EVENT_CONNECTION_CLOSED events.
• To be able to remove the callback, calls to the callback in the sdp_query_rfcomm module should check it isn't NULL first. I think it should also be done in sdp_parser with its callback.

This issue was closed by revision r2743.

we added a way to deregister the callback (and let the engine just finish it's task) in r2743