Merge branch 'bugfix/ble_enhanced_security_v2' into 'master'

fix(ble/bluedroid): Fixed potential out-of-bounds memory access when resolve adv data

Closes BLERP-2149

See merge request espressif/esp-idf!41160

components/bt/host/bluedroid/stack/btm/btm_ble_gap.c

@@ -2071,6 +2071,13 @@ UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT16 adv_data_len, UINT8 type, UINT8 *p
         STREAM_TO_UINT8(adv_type, p);
 
         if ( adv_type == type ) {
+
+            if((p + length - 1) > (p_adv + adv_data_len)) {
+                /* avoid memory overflow*/
+                *p_length = 0;
+                return NULL;
+            }
+
             /* length doesn't include itself */
             *p_length = length - 1; /* minus the length of type */
             return p;

examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c

@@ -204,7 +204,7 @@ void example_exec_write_event_env(prepare_type_env_t *prepare_write_env, esp_ble
 static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *param)
 {
     switch (event) {
-#ifdef CONFIG_SET_RAW_ADV_DATA
+#ifdef CONFIG_EXAMPLE_SET_RAW_ADV_DATA
     case ESP_GAP_BLE_ADV_DATA_RAW_SET_COMPLETE_EVT:
         adv_config_done &= (~adv_config_flag);
         if (adv_config_done==0){

examples/bluetooth/bluedroid/ble/gatt_server_service_table/tutorial/Gatt_Server_Service_Table_Example_Walkthrough.md

@@ -26,7 +26,6 @@ Let’s start by taking a look at the included headers in the [gatts_table_creat
 #include "esp_gatts_api.h"
 #include "esp_bt_defs.h"
 #include "esp_bt_main.h"
-#include "esp_bt_main.h"
 #include “gatts_table_creat_demo.h"
 ```
 These includes are required for the *FreeRTOS* and underlying system components to run, including logging functionality and a library to store data in non-volatile flash memory. We are interested in ``bt.h``, ``esp_bt_main.h``, ``esp_gap_ble_api.h`` and ``esp_gatts_api.h`` which expose the BLE APIs required to implement this example.