espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-30 18:57:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Dereference before null check

Browse Source
This commit is contained in:
xiongweichao
2021-11-12 14:40:23 +08:00
committed by bot
parent 92f258e927
commit 01a7b1de70
6 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/bt/host/bluedroid/bta/gatt/bta_gattc_api.c
View File

@ -757,7 +757,7 @@ void BTA_GATTC_PrepareWriteCharDescr (UINT16 conn_id, UINT16 handle,
tBTA_GATT_AUTH_REQ auth_req) tBTA_GATT_AUTH_REQ auth_req)
{ {
tBTA_GATTC_API_WRITE *p_buf; tBTA_GATTC_API_WRITE *p_buf;
UINT16 len = sizeof(tBTA_GATTC_API_WRITE) + p_data->len; UINT16 len = sizeof(tBTA_GATTC_API_WRITE);
if (p_data != NULL) { if (p_data != NULL) {
len += p_data->len; len += p_data->len;

2
components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c
View File

@ -114,7 +114,7 @@ static void btc_gattc_copy_req_data(btc_msg_t *msg, void *p_dest, void *p_src)
tBTA_GATTC *p_dest_data = (tBTA_GATTC *) p_dest; tBTA_GATTC *p_dest_data = (tBTA_GATTC *) p_dest;
tBTA_GATTC *p_src_data = (tBTA_GATTC *) p_src; tBTA_GATTC *p_src_data = (tBTA_GATTC *) p_src;
if (!p_src_data || !p_dest_data) { if (!p_src_data || !p_dest_data || !msg) {
return; return;
} }

3
components/bt/host/bluedroid/hci/hci_hal_h4.c
View File

@ -229,11 +229,12 @@ static void hci_hal_h4_hdl_rx_packet(BT_HDR *packet)
{ {
uint8_t type, hdr_size; uint8_t type, hdr_size;
uint16_t length; uint16_t length;
uint8_t *stream = packet->data + packet->offset; uint8_t *stream = NULL;
if (!packet) { if (!packet) {
return; return;
} }
stream = packet->data + packet->offset;
#if (C2H_FLOW_CONTROL_INCLUDED == TRUE) #if (C2H_FLOW_CONTROL_INCLUDED == TRUE)
hci_packet_complete(packet); hci_packet_complete(packet);

11
components/bt/host/bluedroid/stack/btm/btm_ble.c
View File

@ -826,6 +826,7 @@ BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length) tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
{ {
tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE); tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length); BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length);
if (!controller_get_interface()->supports_ble_packet_extension()) { if (!controller_get_interface()->supports_ble_packet_extension()) {
@ -833,12 +834,12 @@ tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
return BTM_CONTROL_LE_DATA_LEN_UNSUPPORTED; return BTM_CONTROL_LE_DATA_LEN_UNSUPPORTED;
} }
if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) {
BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
return BTM_PEER_LE_DATA_LEN_UNSUPPORTED;
}
if (p_acl != NULL) { if (p_acl != NULL) {
if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) {
BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
return BTM_PEER_LE_DATA_LEN_UNSUPPORTED;
}
if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) { if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) {
tx_pdu_length = BTM_BLE_DATA_SIZE_MAX; tx_pdu_length = BTM_BLE_DATA_SIZE_MAX;
} else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) { } else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) {

8
components/bt/host/bluedroid/stack/gatt/gatt_api.c
View File

@ -814,15 +814,15 @@ tGATT_STATUS GATTC_ConfigureMTU (UINT16 conn_id)
GATT_TRACE_API ("GATTC_ConfigureMTU conn_id=%d mtu=%d", conn_id, mtu ); GATT_TRACE_API ("GATTC_ConfigureMTU conn_id=%d mtu=%d", conn_id, mtu );
if ( (p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) {
return GATT_ILLEGAL_PARAMETER;
}
/* Validate that the link is BLE, not BR/EDR */ /* Validate that the link is BLE, not BR/EDR */
if (p_tcb->transport != BT_TRANSPORT_LE) { if (p_tcb->transport != BT_TRANSPORT_LE) {
return GATT_ERROR; return GATT_ERROR;
} }
if ( (p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) {
return GATT_ILLEGAL_PARAMETER;
}
if (gatt_is_clcb_allocated(conn_id)) { if (gatt_is_clcb_allocated(conn_id)) {
GATT_TRACE_ERROR("GATTC_ConfigureMTU GATT_BUSY conn_id = %d", conn_id); GATT_TRACE_ERROR("GATTC_ConfigureMTU GATT_BUSY conn_id = %d", conn_id);
return GATT_BUSY; return GATT_BUSY;

13
components/bt/host/bluedroid/stack/l2cap/l2c_ble.c
View File

@ -1113,6 +1113,8 @@ void l2cble_update_data_length(tL2C_LCB *p_lcb)
void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len, UINT16 rx_data_len) void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len, UINT16 rx_data_len)
{ {
tL2C_LCB *p_lcb = l2cu_find_lcb_by_handle(handle); tL2C_LCB *p_lcb = l2cu_find_lcb_by_handle(handle);
tACL_CONN *p_acl = btm_handle_to_acl(handle);
tBTM_LE_SET_PKT_DATA_LENGTH_PARAMS data_length_params;
L2CAP_TRACE_DEBUG("%s TX data len = %d", __FUNCTION__, tx_data_len); L2CAP_TRACE_DEBUG("%s TX data len = %d", __FUNCTION__, tx_data_len);
if (p_lcb == NULL) { if (p_lcb == NULL) {
@ -1123,16 +1125,15 @@ void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len,
p_lcb->tx_data_len = tx_data_len; p_lcb->tx_data_len = tx_data_len;
} }
tACL_CONN *p_acl = btm_handle_to_acl(handle);
tBTM_LE_SET_PKT_DATA_LENGTH_PARAMS data_length_params;
data_length_params.rx_len = rx_data_len; data_length_params.rx_len = rx_data_len;
data_length_params.tx_len = tx_data_len; data_length_params.tx_len = tx_data_len;
p_acl->data_length_params = data_length_params;
if (p_acl != NULL && p_acl->p_set_pkt_data_cback){
(*p_acl->p_set_pkt_data_cback)(BTM_SUCCESS, &data_length_params);
}
if(p_acl) { if(p_acl) {
p_acl->data_length_params = data_length_params;
if (p_acl->p_set_pkt_data_cback) {
(*p_acl->p_set_pkt_data_cback)(BTM_SUCCESS, &data_length_params);
}
p_acl->data_len_updating = false; p_acl->data_len_updating = false;
if(p_acl->data_len_waiting) { if(p_acl->data_len_waiting) {
p_acl->data_len_waiting = false; p_acl->data_len_waiting = false;