From a5b43c72c8e88c343bd6064fa673505c69e7f82d Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:13:57 +0800 Subject: [PATCH 1/4] fix(ble/bluedroid): Fixed BLE crash when disable bluedroid host (cherry picked from commit 9dfa6ab0e91347f7376a87561a818b08b32f1974) Co-authored-by: zhanghaipeng --- components/bt/common/btc/core/btc_manage.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/components/bt/common/btc/core/btc_manage.c b/components/bt/common/btc/core/btc_manage.c index 52aa837b99..e65e107988 100644 --- a/components/bt/common/btc/core/btc_manage.c +++ b/components/bt/common/btc/core/btc_manage.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -16,6 +16,12 @@ void **btc_profile_cb_tab; void esp_profile_cb_reset(void) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return; + } + #endif + int i; for (i = 0; i < BTC_PID_NUM; i++) { @@ -25,6 +31,12 @@ void esp_profile_cb_reset(void) int btc_profile_cb_set(btc_pid_t profile_id, void *cb) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return -1; + } + #endif + if (profile_id < 0 || profile_id >= BTC_PID_NUM) { return -1; } @@ -36,6 +48,12 @@ int btc_profile_cb_set(btc_pid_t profile_id, void *cb) void *btc_profile_cb_get(btc_pid_t profile_id) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return NULL; + } + #endif + if (profile_id < 0 || profile_id >= BTC_PID_NUM) { return NULL; } From 6bdad836ea444753a738ffd415033242b366f8e6 Mon Sep 17 00:00:00 2001 
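Review bot: The new `btc_profile_cb_tab == NULL` guards in `esp_profile_cb_reset`, `btc_profile_cb_set` and `btc_profile_cb_get` are a plain check followed by an unsynchronised use. They only help if the teardown path stores NULL into the pointer after freeing it, and if no other task can free the table between the check and the indexing that follows. Neither the free nor any lock is visible in these hunks, so this should be confirmed against the host deinit code. The early `return NULL` in `btc_profile_cb_get` also means every caller must test the result before invoking it as a callback. I would state the contract above the first guard, e.g. `/* btc_profile_cb_tab is NULL while the host is disabled; callers must not race with deinit */`; all three function bodies continue outside their hunks.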
From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:13:59 +0800 Subject: [PATCH 2/4] fix(ble/bluedroid): Fix missing event reporting in `esp_ble_create_sc_oob_data` (cherry picked from commit f291725936624574e1dead516eca240f0bcdd637) Co-authored-by: zhanghaipeng --- .../bt/host/bluedroid/stack/btm/btm_ble.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/components/bt/host/bluedroid/stack/btm/btm_ble.c b/components/bt/host/bluedroid/stack/btm/btm_ble.c index b2bc1bd574..c24a111ee4 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/host/bluedroid/stack/btm/btm_ble.c @@ -2294,17 +2294,16 @@ UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) } - } else { - if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) { - tBTM_LE_EVT_DATA evt_data; - memcpy(&evt_data.local_oob_data, &p_data->loc_oob_data, sizeof(tSMP_LOC_OOB_DATA)); - if (btm_cb.api.p_le_callback) { - (*btm_cb.api.p_le_callback)(event, bd_addr, &evt_data); - } - } else { - BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); + } + + if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) { + tBTM_LE_EVT_DATA evt_data; + memcpy(&evt_data.local_oob_data, &p_data->loc_oob_data, sizeof(tSMP_LOC_OOB_DATA)); + if (btm_cb.api.p_le_callback) { + (*btm_cb.api.p_le_callback)(event, bd_addr, &evt_data); } } + return 0; } #endif ///SMP_INCLUDED == TRUE From 4729fba793e1ec6c42f369ac3155e47e9c454b78 Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:14:04 +0800 Subject: [PATCH 3/4] fix(ble/bluedrooid): Fixed memory leak issue when deinit the host (cherry picked from commit 6becf74cbb86df03c202f0df66b9e418464a76a8) Co-authored-by: zhanghaipeng --- components/bt/host/bluedroid/device/controller.c | 13 ++++++++++++- components/bt/host/bluedroid/main/bte_main.c | 10 +++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) 
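Review bot: Removing the `else` in `btm_proc_smp_cback` also removes `BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device")`. An SMP event other than `SMP_SC_LOC_OOB_DATA_UP_EVT` on what appears to be the unknown-device path now reaches `return 0` with no log line, which loses a useful signal when triaging unexpected pairing traffic. The trace can be kept with `} else if (event != SMP_SC_LOC_OOB_DATA_UP_EVT) { BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); }`. Because the OOB block now also runs on the known-device path, check that the branch above the hunk does not already pass this event to `p_le_callback`, otherwise it is reported twice. The `memcpy` reads `p_data->loc_oob_data` without a NULL test on `p_data`, and the function starts outside the hunk, so an earlier check cannot be ruled out.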
diff --git a/components/bt/host/bluedroid/device/controller.c b/components/bt/host/bluedroid/device/controller.c index d745bcba0c..39c8f66631 100644 --- a/components/bt/host/bluedroid/device/controller.c +++ b/components/bt/host/bluedroid/device/controller.c @@ -98,6 +98,7 @@ static controller_local_param_t *controller_param_ptr; #define AWAIT_COMMAND(command) future_await(controller_param.hci->transmit_command_futured(command)) +static bool loaded = false; // Module lifecycle functions static void start_up(void) @@ -323,6 +324,17 @@ static void shut_down(void) controller_param.readable = false; } +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) +void free_controller_param(void) +{ + if (controller_param_ptr) { + osi_free(controller_param_ptr); + controller_param_ptr = NULL; + loaded = false; + } +} +#endif + static bool get_is_ready(void) { return controller_param.readable; @@ -596,7 +608,6 @@ static const controller_t interface = { const controller_t *controller_get_interface(void) { - static bool loaded = false; if (!loaded) { loaded = true; #if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) diff --git a/components/bt/host/bluedroid/main/bte_main.c b/components/bt/host/bluedroid/main/bte_main.c index c47bdc15f9..c974037ef9 100644 --- a/components/bt/host/bluedroid/main/bte_main.c +++ b/components/bt/host/bluedroid/main/bte_main.c @@ -64,6 +64,9 @@ static void bte_main_enable(void); bluedroid_init_done_cb_t bluedroid_init_done_cb; extern void osi_mem_dbg_init(void); +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) +extern void free_controller_param(void); +#endif /****************************************************************************** ** ** Function bte_main_boot_entry @@ -85,7 +88,7 @@ int bte_main_boot_entry(bluedroid_init_done_cb_t cb) osi_init(); - //Enbale HCI + //Enable HCI bte_main_enable(); return 0; 
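Review bot: `free_controller_param` in controller.c frees `controller_param_ptr` and clears `loaded`, but accessors in the same file keep reading `controller_param` (for example `get_is_ready` returns `controller_param.readable`). If `controller_param` resolves to that allocation (its definition is outside these hunks), any call made through the interface after the free dereferences a NULL pointer. The function also has external linkage under a generic name and is declared by a local `extern` in bte_main.c rather than in a shared header, so the compiler cannot check the prototype against the definition. I would add a header prototype and a comment such as `/* Call only after the controller module has shut down; the interface must not be used again until controller_get_interface() runs */`. `loaded` is now a file-scope flag written by two functions with no synchronisation visible in the hunks.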
@@ -105,6 +108,11 @@ void bte_main_shutdown(void) #if (BLE_INCLUDED == TRUE) BTA_VendorCleanup(); #endif + +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) + free_controller_param(); +#endif + bte_main_disable(); osi_deinit(); From d72a674119b39f7579d518fee4eb24709be26755 Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:14:06 +0800 Subject: [PATCH 4/4] fix(ble/bluedroid): Fix potential uint32_t overflow in BLE btu_start_timer (cherry picked from commit a9286567f045a5c219bb90ccf1231fd8c3777a36) Co-authored-by: zhanghaipeng --- .../bt/host/bluedroid/api/include/api/esp_gap_ble_api.h | 3 ++- components/bt/host/bluedroid/stack/btu/btu_task.c | 2 +- .../bluedroid/ble/ble_eddystone/main/esp_eddystone_demo.c | 1 + .../bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c | 2 +- .../bluedroid/ble/ble_spp_client/main/spp_client_demo.c | 7 +++---- .../bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c | 4 +++- .../gatt_security_client/main/example_ble_sec_gattc_demo.c | 2 +- .../ble/gattc_multi_connect/main/gattc_multi_connect.c | 2 +- .../coex/gattc_gatts_coex/main/gattc_gatts_coex.c | 2 +- 9 files changed, 14 insertions(+), 11 deletions(-) diff --git a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h index 748c34c2ca..a7d8b65a6f 100644 --- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h @@ -1663,7 +1663,8 @@ esp_err_t esp_ble_gap_set_scan_params(esp_ble_scan_params_t *scan_params); /** * @brief This procedure keep the device scanning the peer device which advertising on the air * - * @param[in] duration: Keeping the scanning time, the unit is second. + * @param[in] duration: The scanning duration in seconds. + * Set to 0 for continuous scanning until explicitly stopped. * * @return * - ESP_OK : success 
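Review bot: In `bte_main_shutdown`, `free_controller_param()` is called before `bte_main_disable()` and `osi_deinit()`, so the controller parameter block is released while the HCI layer is still being torn down. If anything on the disable path still reaches the controller module, that becomes a write through a NULL or freed pointer; `shut_down` in controller.c, for instance, writes `controller_param.readable = false`. Whether the disable path does so is not visible from this hunk. Unless the current order is required, moving the call to just after `bte_main_disable();` is the safer placement, and either way a one-line comment stating why the ordering is safe would help. The function body starts and ends outside the hunk.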
diff --git a/components/bt/host/bluedroid/stack/btu/btu_task.c b/components/bt/host/bluedroid/stack/btu/btu_task.c index df3a4aa3eb..bffa6837b0 100644 --- a/components/bt/host/bluedroid/stack/btu/btu_task.c +++ b/components/bt/host/bluedroid/stack/btu/btu_task.c @@ -453,7 +453,7 @@ void btu_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout_sec) // NOTE: This value is in seconds but stored in a ticks field. p_tle->ticks = timeout_sec; p_tle->in_use = TRUE; - osi_alarm_set(alarm, (period_ms_t)(timeout_sec * 1000)); + osi_alarm_set(alarm, (period_ms_t)((period_ms_t)timeout_sec * 1000)); } diff --git a/examples/bluetooth/bluedroid/ble/ble_eddystone/main/esp_eddystone_demo.c b/examples/bluetooth/bluedroid/ble/ble_eddystone/main/esp_eddystone_demo.c index 6934993a7a..190ab3f65e 100644 --- a/examples/bluetooth/bluedroid/ble/ble_eddystone/main/esp_eddystone_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_eddystone/main/esp_eddystone_demo.c @@ -84,6 +84,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par switch(event) { case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 0; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c index 7d55039171..846f7fea31 100644 --- a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c @@ -73,7 +73,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par } case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { #if (IBEACON_MODE == IBEACON_RECEIVER) - //the unit of the duration is second, 0 means scan permanently + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 0; esp_ble_gap_start_scanning(duration); #endif 
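Review bot: The widening in `osi_alarm_set(alarm, (period_ms_t)((period_ms_t)timeout_sec * 1000));` only prevents wrap-around if `period_ms_t` is wider than `UINT32`. Its typedef is not in this hunk, and with a 32-bit `period_ms_t` the product still wraps and the alarm fires far earlier than requested. The outer cast is redundant, so `osi_alarm_set(alarm, (period_ms_t)timeout_sec * 1000);` reads more clearly. A `_Static_assert(sizeof(period_ms_t) > sizeof(UINT32), "period_ms_t must hold timeout_sec * 1000");` next to it would keep the assumption checked at build time. Other timer-start routines in btu_task.c that scale a timeout to milliseconds lie outside the hunk and may need the same widening.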
diff --git a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c index d85d2555f5..9448b8f3d9 100644 --- a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -216,9 +216,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par ESP_LOGE(GATTC_TAG, "Scan param set failed: %s", esp_err_to_name(err)); break; } - //the unit of the duration is second - uint32_t duration = 0xFFFF; - ESP_LOGI(GATTC_TAG, "Enable Ble Scan:during time %04" PRIx32 " minutes.",duration); + // the unit of the duration is second, 0 means scan permanently + uint32_t duration = 0; esp_ble_gap_start_scanning(duration); break; } diff --git a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c index e5cc1ef3f7..7132cc9214 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c @@ -325,7 +325,9 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par uint8_t adv_name_len = 0; switch (event) { case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // The unit of duration is seconds. + // If duration is set to 0, scanning will continue indefinitely + // until esp_ble_gap_stop_scanning is explicitly called. uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; 
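Review bot: In the spp_client_demo.c hunk, `duration` changes from `0xFFFF` to `0` and the `ESP_LOGI` line announcing the scan is dropped. This is a behaviour change beyond the overflow fix named in the commit subject, because the scan now runs until it is explicitly stopped. Whether this example calls `esp_ble_gap_stop_scanning` once the peer is found is not visible here; if it does not, the radio keeps scanning for the life of the application. I would make the stop condition explicit on the assignment, e.g. `// 0 = scan until esp_ble_gap_stop_scanning() is called`, and mention the example change in the commit message.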
diff --git a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c index 6ca23929a4..365a6fe0b2 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c @@ -385,7 +385,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par } break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c index 740a0439b1..8833884d12 100644 --- a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c +++ b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c @@ -775,7 +775,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par param->update_conn_params.timeout); break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c index e8ffab0731..655be8b636 100644 --- a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c +++ b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c 
@@ -278,7 +278,7 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete"); - //the unit of the duration is second + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 120; esp_ble_gap_start_scanning(duration); break;