espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-30 18:57:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/fix_blufi_prepare_write_v5.2' into 'release/v5.2'

Browse Source 
fix(blufi): Fixed crash issue in Blufi example during prepare write operation (v5.2)

See merge request espressif/esp-idf!35715
This commit is contained in:
Island
2024-12-18 10:43:23 +08:00
parent 455ea9541c c3c7f4a49f
commit 8bd6d9a425
2 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
components/bt/common/btc/profile/esp/blufi/bluedroid_host/esp_blufi.c
View File

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -160,20 +160,31 @@ static void blufi_profile_cb(tBTA_GATTS_EVT event, tBTA_GATTS *p_data)
if (p_data->req_data.p_data->write_req.is_prep) { if (p_data->req_data.p_data->write_req.is_prep) {
tBTA_GATT_STATUS status = GATT_SUCCESS; tBTA_GATT_STATUS status = GATT_SUCCESS;
if (blufi_env.prepare_buf == NULL) { do {
blufi_env.prepare_buf = osi_malloc(BLUFI_PREPAIR_BUF_MAX_SIZE); if (p_data->req_data.p_data->write_req.offset > BLUFI_PREPARE_BUF_MAX_SIZE) {
blufi_env.prepare_len = 0; status = ESP_GATT_INVALID_OFFSET;
break;
}
if ((p_data->req_data.p_data->write_req.offset + p_data->req_data.p_data->write_req.len) > BLUFI_PREPARE_BUF_MAX_SIZE) {
status = ESP_GATT_INVALID_ATTR_LEN;
break;
}
if (blufi_env.prepare_buf == NULL) { if (blufi_env.prepare_buf == NULL) {
BLUFI_TRACE_ERROR("Blufi prep no mem\n"); if (p_data->req_data.p_data->write_req.offset != 0) {
status = GATT_NO_RESOURCES; status = GATT_INVALID_OFFSET;
break;
}
blufi_env.prepare_buf = osi_malloc(BLUFI_PREPARE_BUF_MAX_SIZE);
blufi_env.prepare_len = 0;
if (blufi_env.prepare_buf == NULL) {
BLUFI_TRACE_ERROR("Blufi prep no mem\n");
status = GATT_NO_RESOURCES;
break;
}
} }
} else { } while (0);
if (p_data->req_data.p_data->write_req.offset > BLUFI_PREPAIR_BUF_MAX_SIZE) {
status = GATT_INVALID_OFFSET;
} else if ((p_data->req_data.p_data->write_req.offset + p_data->req_data.p_data->write_req.len) > BLUFI_PREPAIR_BUF_MAX_SIZE) {
status = GATT_INVALID_ATTR_LEN;
}
}
memset(&rsp, 0, sizeof(tGATTS_RSP)); memset(&rsp, 0, sizeof(tGATTS_RSP));
rsp.attr_value.handle = p_data->req_data.p_data->write_req.handle; rsp.attr_value.handle = p_data->req_data.p_data->write_req.handle;

2
components/bt/common/btc/profile/esp/blufi/include/blufi_int.h
View File

@ -36,7 +36,9 @@ typedef struct {
UINT32 trans_id; UINT32 trans_id;
UINT8 congest; UINT8 congest;
UINT16 frag_size; UINT16 frag_size;
// Deprecated: This macro will be removed in the future
#define BLUFI_PREPAIR_BUF_MAX_SIZE 1024 #define BLUFI_PREPAIR_BUF_MAX_SIZE 1024
#define BLUFI_PREPARE_BUF_MAX_SIZE 1024
uint8_t *prepare_buf; uint8_t *prepare_buf;
int prepare_len; int prepare_len;
/* Control reference */ /* Control reference */