fix(ble/bluedroid): Fix potential uint32_t overflow in BLE btu_start_timer

(cherry picked from commit a9286567f0) Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-07-30 02:37:19 +02:00 · 2025-04-07 21:13:49 +08:00
parent ca79d255d1
commit 320f8bece2
9 changed files with 14 additions and 11 deletions
--- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@ -1857,7 +1857,8 @@ esp_err_t esp_ble_gap_set_scan_params(esp_ble_scan_params_t *scan_params);
 /**
 * @brief           This procedure keep the device scanning the peer device which advertising on the air
 *
- * @param[in]       duration: Keeping the scanning time, the unit is second.
+ * @param[in]       duration: The scanning duration in seconds.
+ *                            Set to 0 for continuous scanning until explicitly stopped.
 *
 * @return
 *                  - ESP_OK : success
--- a/components/bt/host/bluedroid/stack/btu/btu_task.c
+++ b/components/bt/host/bluedroid/stack/btu/btu_task.c
@ -453,7 +453,7 @@ void btu_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout_sec)
    // NOTE: This value is in seconds but stored in a ticks field.
    p_tle->ticks = timeout_sec;
    p_tle->in_use = TRUE;
-    osi_alarm_set(alarm, (period_ms_t)(timeout_sec * 1000));
+    osi_alarm_set(alarm, (period_ms_t)((period_ms_t)timeout_sec * 1000));
 }


--- a/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c
@ -84,6 +84,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par
    switch(event)
    {
        case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
+            // the unit of the duration is second, 0 means scan permanently
            uint32_t duration = 0;
            esp_ble_gap_start_scanning(duration);
            break;
--- a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c
@ -73,7 +73,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
    }
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
 #if (IBEACON_MODE == IBEACON_RECEIVER)
-        //the unit of the duration is second, 0 means scan permanently
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 0;
        esp_ble_gap_start_scanning(duration);
 #endif
--- a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@ -216,9 +216,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
            ESP_LOGE(GATTC_TAG, "Scan param set failed: %s", esp_err_to_name(err));
            break;
        }
-        //the unit of the duration is second
-        uint32_t duration = 0xFFFF;
-        ESP_LOGI(GATTC_TAG, "Enable Ble Scan:during time %04" PRIx32 " minutes.",duration);
+        // the unit of the duration is second, 0 means scan permanently
+        uint32_t duration = 0;
        esp_ble_gap_start_scanning(duration);
        break;
    }
--- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c
+++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c
@ -325,7 +325,9 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
    uint8_t adv_name_len = 0;
    switch (event) {
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // The unit of duration is seconds.
+        // If duration is set to 0, scanning will continue indefinitely
+        // until esp_ble_gap_stop_scanning is explicitly called.
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c
+++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c
@ -385,7 +385,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
        }
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c
+++ b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c
@ -775,7 +775,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
                  param->update_conn_params.timeout);
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c
+++ b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c
@ -277,7 +277,7 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
        ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete");
-        //the unit of the duration is second
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 120;
        esp_ble_gap_start_scanning(duration);
        break;