diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_api.c b/components/bt/bluedroid/bta/gatt/bta_gattc_api.c index d75c5a96a5..20f6438855 100644 --- a/components/bt/bluedroid/bta/gatt/bta_gattc_api.c +++ b/components/bt/bluedroid/bta/gatt/bta_gattc_api.c @@ -298,7 +298,7 @@ void BTA_GATTC_ServiceSearchRequest (UINT16 conn_id, tBT_UUID *p_srvc_uuid) ** Returns returns list_t of tBTA_GATTC_SERVICE or NULL. ** *******************************************************************************/ -const list_t* BTA_GATTC_GetServices(UINT16 conn_id) +const list_t* BTA_GATTC_GetServices(UINT16 conn_id) { return bta_gattc_get_services(conn_id); } @@ -315,7 +315,7 @@ const list_t* BTA_GATTC_GetServices(UINT16 conn_id) ** Returns returns pointer to tBTA_GATTC_CHARACTERISTIC or NULL. ** *******************************************************************************/ -const tBTA_GATTC_CHARACTERISTIC* BTA_GATTC_GetCharacteristic(UINT16 conn_id, UINT16 handle) +const tBTA_GATTC_CHARACTERISTIC* BTA_GATTC_GetCharacteristic(UINT16 conn_id, UINT16 handle) { return bta_gattc_get_characteristic(conn_id, handle); } @@ -759,7 +759,7 @@ void BTA_GATTC_PrepareWriteCharDescr (UINT16 conn_id, UINT16 handle, tBTA_GATT_AUTH_REQ auth_req) { tBTA_GATTC_API_WRITE *p_buf; - UINT16 len = sizeof(tBTA_GATTC_API_WRITE) + p_data->len; + UINT16 len = sizeof(tBTA_GATTC_API_WRITE); if (p_data != NULL) { len += p_data->len; @@ -998,7 +998,7 @@ void BTA_GATTC_CacheAssoc(tBTA_GATTC_IF client_if, BD_ADDR src_addr, BD_ADDR ass memcpy(p_buf->assoc_addr, assoc_addr, sizeof(BD_ADDR)); bta_sys_sendmsg(p_buf); - + } return; } diff --git a/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c b/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c index 5fd852ccb3..efeaea77eb 100644 --- a/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c +++ b/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c 
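Review bot: In BTA_GATTC_PrepareWriteCharDescr (bta_gattc_api.c, third hunk), `len` is a UINT16, so `len += p_data->len;` can wrap when the caller-supplied length exceeds 0xFFFF minus the struct size. The allocation and copy are outside the hunk, but if `len` sizes the message buffer and `p_data->len` bytes are then copied into it, as the names suggest, a wrapped `len` would let the copy run past the allocation. Bounding the value before the addition closes this, e.g. `if (p_data->len > 0xFFFF - len) { return; }` inside the existing `p_data != NULL` branch, preferably with an error trace. The function body continues past the end of the hunk.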
@@ -121,14 +121,14 @@ static void btc_gattc_copy_req_data(btc_msg_t *msg, void *p_dest, void *p_src) tBTA_GATTC *p_dest_data = (tBTA_GATTC *) p_dest; tBTA_GATTC *p_src_data = (tBTA_GATTC *) p_src; - if (!p_src_data || !p_dest_data) { + if (!p_src_data || !p_dest_data || !msg) { return; } // Allocate buffer for request data if necessary switch (msg->act) { case BTA_GATTC_READ_DESCR_EVT: - case BTA_GATTC_READ_CHAR_EVT: + case BTA_GATTC_READ_CHAR_EVT: case BTA_GATTC_READ_MULTIPLE_EVT: { if (p_src_data->read.p_value && p_src_data->read.p_value->p_value) { p_dest_data->read.p_value = (tBTA_GATT_UNFMT *)osi_malloc(sizeof(tBTA_GATT_UNFMT) + p_src_data->read.p_value->len); @@ -164,7 +164,7 @@ static void btc_gattc_free_req_data(btc_msg_t *msg) tBTA_GATTC *arg = (tBTA_GATTC *)(msg->arg); switch (msg->act) { case BTA_GATTC_READ_DESCR_EVT: - case BTA_GATTC_READ_CHAR_EVT: + case BTA_GATTC_READ_CHAR_EVT: case BTA_GATTC_READ_MULTIPLE_EVT: { if (arg->read.p_value) { osi_free(arg->read.p_value); diff --git a/components/bt/bluedroid/hci/hci_hal_h4.c b/components/bt/bluedroid/hci/hci_hal_h4.c index 819a9a7551..3191658ca8 100644 --- a/components/bt/bluedroid/hci/hci_hal_h4.c +++ b/components/bt/bluedroid/hci/hci_hal_h4.c @@ -249,11 +249,12 @@ static void hci_hal_h4_hdl_rx_packet(BT_HDR *packet) { uint8_t type, hdr_size; uint16_t length; - uint8_t *stream = packet->data + packet->offset; + uint8_t *stream = NULL; if (!packet) { return; } + stream = packet->data + packet->offset; #if (C2H_FLOW_CONTROL_INCLUDED == TRUE) hci_packet_complete(packet); diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 356c02bd15..355e66d950 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c 
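Review bot: The `!msg` guard added to btc_gattc_copy_req_data (btc_gattc.c) has no counterpart in btc_gattc_free_req_data. The context lines of the following hunk show `tBTA_GATTC *arg = (tBTA_GATTC *)(msg->arg);` dereferencing `msg` in the declaration, and `arg->read.p_value` is then read without checking `arg`. If a NULL message is worth guarding against in the copy routine, the free routine should get the same treatment, e.g. `if (!msg || !msg->arg) { return; }` with the `arg` assignment moved below it. The new early return is also silent; if the caller has already shallow-copied the source into `p_dest` (not visible here), `read.p_value` would still point at the sender's buffer, so an error trace on that path would help. Both function bodies continue outside their hunks.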
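Review bot: In hci_hal_h4_hdl_rx_packet (hci_hal_h4.c), `stream` is now initialised to NULL and assigned after the guard, which leaves a placeholder value that later edits could use by mistake. If the project's C dialect allows declarations after statements, declaring it at first use is tighter: `uint8_t *stream = packet->data + packet->offset;` placed directly after the `if (!packet)` block. Separately, nothing visible in the hunk compares `packet->len` with the header size before `stream` is parsed. The parsing is outside the hunk, so confirm that check exists there, since this path handles controller-supplied bytes.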
@@ -827,6 +827,7 @@ BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr) tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length) { tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE); + BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length); if (!controller_get_interface()->supports_ble_packet_extension()) { @@ -834,12 +835,12 @@ tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length) return BTM_CONTROL_LE_DATA_LEN_UNSUPPORTED; } - if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) { - BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__); - return BTM_PEER_LE_DATA_LEN_UNSUPPORTED; - } - if (p_acl != NULL) { + if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) { + BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__); + return BTM_PEER_LE_DATA_LEN_UNSUPPORTED; + } + if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) { tx_pdu_length = BTM_BLE_DATA_SIZE_MAX; } else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) { diff --git a/components/bt/bluedroid/stack/gatt/gatt_api.c b/components/bt/bluedroid/stack/gatt/gatt_api.c index 1cb0ee1157..00031dccb4 100644 --- a/components/bt/bluedroid/stack/gatt/gatt_api.c +++ b/components/bt/bluedroid/stack/gatt/gatt_api.c @@ -814,15 +814,16 @@ tGATT_STATUS GATTC_ConfigureMTU (UINT16 conn_id) GATT_TRACE_API ("GATTC_ConfigureMTU conn_id=%d mtu=%d", conn_id, mtu ); + if ((p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) { + return GATT_ILLEGAL_PARAMETER; + } + + /* Validate that the link is BLE, not BR/EDR */ if (p_tcb->transport != BT_TRANSPORT_LE) { return GATT_ERROR; } - if ( (p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) { - return GATT_ILLEGAL_PARAMETER; - } - if (gatt_is_clcb_allocated(conn_id)) { GATT_TRACE_ERROR("GATTC_ConfigureMTU GATT_BUSY conn_id = %d", conn_id); return GATT_BUSY;
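Review bot: In BTM_SetBleDataLength (btm_ble.c, second hunk), the peer-feature test is now nested inside `if (p_acl != NULL)`, while the controller-capability test just above it is an early return. A guard clause for the NULL case would keep every precondition failure at the same nesting level: handle `p_acl == NULL` first, returning whatever status the existing else branch uses (it is outside the hunk), then run `HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)` and the clamping unindented. A one-line comment on that guard, such as `/* btm_bda_to_acl() may return NULL; check before reading peer_le_features */`, would record why the order matters. The function body continues past the end of the hunk.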
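Review bot: In GATTC_ConfigureMTU (gatt_api.c), the `GATT_ILLEGAL_PARAMETER` return is silent and folds four different failures into one condition: NULL `p_tcb`, NULL `p_reg`, `mtu` too small, `mtu` too large. The `GATT_BUSY` path a few lines below logs with `GATT_TRACE_ERROR`. A matching trace before the return would let a log reader tell an unknown `conn_id` from a misconfigured MTU, e.g. `GATT_TRACE_ERROR("GATTC_ConfigureMTU illegal parameter conn_id = %d mtu = %d", conn_id, mtu);`. `p_tcb`, `p_reg` and `mtu` are computed above the hunk, so it is worth confirming that those lookups do not themselves dereference a NULL result before this check runs.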