From 243834f14224be3cc5d76d62e735c009188187df Mon Sep 17 00:00:00 2001
From: Yogeswaran K <yogeswaransky@gmail.com>
Date: Thu, 2 Apr 2026 11:10:25 +0000
Subject: [PATCH] RDKEMW-15927: Adrressing the race condition in while deleting
 all report profiles

Signed-off-by: Yogeswaran K <yogeswaransky@gmail.com>
---
 source/bulkdata/profile.c            | 10 ++++++++++
 source/ccspinterface/rbusInterface.c |  9 +++++++++
 2 files changed, 19 insertions(+)

diff --git a/source/bulkdata/profile.c b/source/bulkdata/profile.c
index fe7d91fd..132af4a7 100644
--- a/source/bulkdata/profile.c
+++ b/source/bulkdata/profile.c
@@ -1159,14 +1159,23 @@ T2ERROR deleteAllProfiles(bool delFromDisk)
     int count = 0;
     int profileIndex = 0;
     Profile *tempProfile = NULL;
+    static bool deleteInProgress = false;
 
     pthread_mutex_lock(&plMutex);
+    if(deleteInProgress)
+    {
+        T2Info("deleteAllProfiles already in progress, skipping\n");
+        pthread_mutex_unlock(&plMutex);
+        return T2ERROR_SUCCESS;
+    }
+
     if(profileList == NULL)
     {
         T2Error("profile list is not initialized yet or profileList is empty, ignoring\n");
         pthread_mutex_unlock(&plMutex);
         return T2ERROR_FAILURE;
     }
+    deleteInProgress = true;
 
     count = Vector_Size(profileList);
     pthread_mutex_unlock(&plMutex);
@@ -1216,6 +1225,7 @@ T2ERROR deleteAllProfiles(bool delFromDisk)
     Vector_Destroy(profileList, freeProfile);
     profileList = NULL;
     Vector_Create(&profileList);
+    deleteInProgress = false;
     pthread_mutex_unlock(&plMutex);
 
     T2Debug("%s --out\n", __FUNCTION__);
diff --git a/source/ccspinterface/rbusInterface.c b/source/ccspinterface/rbusInterface.c
index ca73b723..c0361363 100644
--- a/source/ccspinterface/rbusInterface.c
+++ b/source/ccspinterface/rbusInterface.c
@@ -381,10 +381,17 @@ rbusError_t eventSubHandler(rbusHandle_t handle, rbusEventSubAction_t action, co
 }
 
 #if defined(PRIVACYMODES_CONTROL)
+static pthread_mutex_t privacyWorkerMutex = PTHREAD_MUTEX_INITIALIZER;
+
 /**
  * Worker thread to handle privacy mode callbacks off the RBUS handler thread.
  * Prevents RBUS handler starvation by moving heavy operations (profile deletion,
  * XConf restart) to a detached thread.
+ *
+ * Serialized via privacyWorkerMutex to prevent concurrent invocations racing on
+ * profile deletion when PrivacyMode is toggled rapidly (e.g. DO_NOT_SHARE ->
+ * SHARE -> DO_NOT_SHARE in quick succession), which causes double-free of
+ * grepSeekProfile in deleteAllProfiles().
  */
 static void* privacyModeCallbackWorker(void *arg)
 {
@@ -395,6 +402,7 @@ static void* privacyModeCallbackWorker(void *arg)
         return NULL;
     }
     T2Debug("%s ++in mode=%s\n", __FUNCTION__, mode);
+    pthread_mutex_lock(&privacyWorkerMutex);
 
     if(strcmp(mode, "DO_NOT_SHARE") == 0)
     {
@@ -424,6 +432,7 @@ static void* privacyModeCallbackWorker(void *arg)
     }
 
     free(mode);
+    pthread_mutex_unlock(&privacyWorkerMutex);
     T2Debug("%s --out\n", __FUNCTION__);
     return NULL;
 }