From f8946dc471d71b0f2376415f719ef5c28fe3f845 Mon Sep 17 00:00:00 2001 From: xiongweichao Date: Tue, 9 Feb 2021 11:23:36 +0800 Subject: [PATCH] components/bt: Fix crash in btc_hf_arg_deep_copy when name or number is NULL
--- .../bluedroid/btc/profile/std/hf_ag/btc_hf_ag.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
diff --git a/components/bt/host/bluedroid/btc/profile/std/hf_ag/btc_hf_ag.c b/components/bt/host/bluedroid/btc/profile/std/hf_ag/btc_hf_ag.c
index 0a2f1db2f9..32f9c23836 100644
--- a/components/bt/host/bluedroid/btc/profile/std/hf_ag/btc_hf_ag.c
+++ b/components/bt/host/bluedroid/btc/profile/std/hf_ag/btc_hf_ag.c
@@ -917,6 +917,10 @@ void btc_hf_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
 case BTC_HF_COPS_RESPONSE_EVT: {
+ if (src->cops_rep.name == NULL) {
+ break;
+ }
+
 dst->cops_rep.name = (char *)osi_malloc(strlen(src->cops_rep.name)+1);
 if(dst->cops_rep.name) {
 memcpy(dst->cops_rep.name, src->cops_rep.name, strlen(src->cops_rep.name)+1);
@@ -930,6 +934,10 @@ void btc_hf_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
 case BTC_HF_CLCC_RESPONSE_EVT: {
+ if (src->clcc_rep.number == NULL) {
+ break;
+ }
+
 dst->clcc_rep.number = (char *)osi_malloc(strlen(src->clcc_rep.number)+1);
 if(dst->clcc_rep.number) {
 memcpy(dst->clcc_rep.number, src->clcc_rep.number, strlen(src->clcc_rep.number)+1);
@@ -943,6 +951,10 @@ void btc_hf_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
 case BTC_HF_CNUM_RESPONSE_EVT: {
+ if (src->cnum_rep.number == NULL) {
+ break;
+ }
+
 dst->cnum_rep.number = (char *)osi_malloc(strlen(src->cnum_rep.number)+1);
 if(dst->cnum_rep.number) {
 memcpy(dst->cnum_rep.number, src->cnum_rep.number, strlen(src->cnum_rep.number)+1);
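Review bot: The new early `break` in the BTC_HF_COPS_RESPONSE_EVT case leaves `dst->cops_rep.name` unassigned, which is only safe if the caller has already shallow-copied `src` into `dst` so the field is NULL there as well; nothing in this hunk shows that. Writing `dst->cops_rep.name = NULL;` before the `break;` costs nothing in that case and makes the contract explicit for whatever later frees the message: dst either owns a heap copy or holds NULL. The two `strlen` calls on the following lines can also be collapsed into one, `size_t len = strlen(src->cops_rep.name) + 1;`, feeding both `osi_malloc` and `memcpy`. btc_hf_arg_deep_copy starts before this hunk and the case body continues after it.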
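Review bot: The NULL guard plus `osi_malloc` plus `memcpy` sequence added in the BTC_HF_CLCC_RESPONSE_EVT case is now repeated verbatim in four cases of btc_hf_arg_deep_copy with only the field name changed, so any later correction has to be made four times. A small `static` helper that heap-duplicates a string (NULL in, NULL out) would let each case shrink to one assignment such as `dst->clcc_rep.number = btc_hf_dup_str(src->clcc_rep.number);`. Note that the branch following `if(dst->clcc_rep.number)` runs outside this hunk; if it reports allocation failure, a NULL input would then also reach it, so either keep the guard in the case or give the helper a way to distinguish the two. The enclosing switch begins before and ends after this hunk.
```c
/* Heap-duplicate s with osi_malloc. A NULL input yields NULL, as does allocation failure. */
static char *btc_hf_dup_str(const char *s)
{
    if (s == NULL) {
        return NULL;
    }
    size_t len = strlen(s) + 1;
    char *copy = (char *)osi_malloc(len);
    if (copy != NULL) {
        memcpy(copy, s, len);
    }
    return copy;
}

/* … in btc_hf_arg_deep_copy, case BTC_HF_CLCC_RESPONSE_EVT … */
dst->clcc_rep.number = btc_hf_dup_str(src->clcc_rep.number);
```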
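Review bot: Breaking out when `src->cnum_rep.number` is NULL stops the crash in the copy, but the NULL pointer is still queued in the message, so the handler that later reads `cnum_rep.number` in the BTC task (outside this hunk) must check for it or the fault only moves downstream; the same applies to the matching deep-free path, which is fine only if it tolerates a NULL `number`. If a NULL number is not a meaningful +CNUM response, rejecting it at the API entry point with an error return would be clearer than forwarding it silently. Otherwise a comment above the guard such as `/* NULL number is forwarded as-is; the event handler must tolerate it */` would record the intent for the next reader.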
@@ -959,6 +971,10 @@ void btc_hf_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
 case BTC_HF_OUT_CALL_EVT:
 case BTC_HF_END_CALL_EVT: {
+ if (src->phone.number == NULL) {
+ break;
+ }
+
 dst->phone.number = (char *)osi_malloc(strlen(src->phone.number)+1);
 if(dst->phone.number) {
 memcpy(dst->phone.number, src->phone.number, strlen(src->phone.number)+1);