fix(ble/bluedroid): Fix potential uint32_t overflow in BLE btu_start_timer

2025-03-20 20:01:09 +08:00
parent 3a16029484
commit 287f45ad8b
9 changed files with 20 additions and 17 deletions
--- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@@ -1661,7 +1661,8 @@ esp_err_t esp_ble_gap_set_scan_params(esp_ble_scan_params_t *scan_params);
 /**
 * @brief           This procedure keep the device scanning the peer device which advertising on the air
 *
- * @param[in]       duration: Keeping the scanning time, the unit is second.
+ * @param[in]       duration: The scanning duration in seconds.
+ *                            Set to 0 for continuous scanning until explicitly stopped.
 *
 * @return
 *                  - ESP_OK : success
--- a/components/bt/host/bluedroid/stack/btu/btu_task.c
+++ b/components/bt/host/bluedroid/stack/btu/btu_task.c
@@ -448,7 +448,7 @@ void btu_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout_sec)
    // NOTE: This value is in seconds but stored in a ticks field.
    p_tle->ticks = timeout_sec;
    p_tle->in_use = TRUE;
-    osi_alarm_set(alarm, (period_ms_t)(timeout_sec * 1000));
+    osi_alarm_set(alarm, (period_ms_t)((period_ms_t)timeout_sec * 1000));
 }


--- a/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@@ -52,9 +52,9 @@ static void esp_eddystone_show_inform(const esp_eddystone_result_t* res)
            ESP_LOGI(DEMO_TAG, "Eddystone UID inform:");
            ESP_LOGI(DEMO_TAG, "Measured power(RSSI at 0m distance):%d dbm", res->inform.uid.ranging_data);
            ESP_LOGI(DEMO_TAG, "EDDYSTONE_DEMO: Namespace ID:0x");
-            esp_log_buffer_hex(DEMO_TAG, res->inform.uid.namespace_id, 10);
+            ESP_LOG_BUFFER_HEX(DEMO_TAG, res->inform.uid.namespace_id, 10);
            ESP_LOGI(DEMO_TAG, "EDDYSTONE_DEMO: Instance ID:0x");
-            esp_log_buffer_hex(DEMO_TAG, res->inform.uid.instance_id, 6);
+            ESP_LOG_BUFFER_HEX(DEMO_TAG, res->inform.uid.instance_id, 6);
            break;
        }
        case EDDYSTONE_FRAME_TYPE_URL: {
@@ -84,6 +84,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par
    switch(event)
    {
        case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
+            // the unit of the duration is second, 0 means scan permanently
            uint32_t duration = 0;
            esp_ble_gap_start_scanning(duration);
            break;
@@ -111,10 +112,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par
                        return;
                    } else {
                        // The received adv data is a correct eddystone frame packet.
-                        // Here, we get the eddystone infomation in eddystone_res, we can use the data in res to do other things.
+                        // Here, we get the eddystone information in eddystone_res, we can use the data in res to do other things.
                        // For example, just print them:
                        ESP_LOGI(DEMO_TAG, "--------Eddystone Found----------");
-                        esp_log_buffer_hex("EDDYSTONE_DEMO: Device address:", scan_result->scan_rst.bda, ESP_BD_ADDR_LEN);
+                        ESP_LOG_BUFFER_HEX("EDDYSTONE_DEMO: Device address:", scan_result->scan_rst.bda, ESP_BD_ADDR_LEN);
                        ESP_LOGI(DEMO_TAG, "RSSI of packet:%d dbm", scan_result->scan_rst.rssi);
                        esp_eddystone_show_inform(&eddystone_res);
                    }
--- a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c
@@ -73,7 +73,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
    }
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
 #if (IBEACON_MODE == IBEACON_RECEIVER)
-        //the unit of the duration is second, 0 means scan permanently
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 0;
        esp_ble_gap_start_scanning(duration);
 #endif
--- a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c
+++ b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@@ -216,9 +216,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
            ESP_LOGE(GATTC_TAG, "Scan param set failed: %s", esp_err_to_name(err));
            break;
        }
-        //the unit of the duration is second
-        uint32_t duration = 0xFFFF;
-        ESP_LOGI(GATTC_TAG, "Enable Ble Scan:during time %04" PRIx32 " minutes.",duration);
+        // the unit of the duration is second, 0 means scan permanently
+        uint32_t duration = 0;
        esp_ble_gap_start_scanning(duration);
        break;
    }
--- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c
+++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c
@@ -315,7 +315,9 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
    uint8_t adv_name_len = 0;
    switch (event) {
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // The unit of duration is seconds.
+        // If duration is set to 0, scanning will continue indefinitely
+        // until esp_ble_gap_stop_scanning is explicitly called.
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c
+++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c
@@ -379,7 +379,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
        }
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c
+++ b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c
@@ -750,7 +750,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
                  param->update_conn_params.timeout);
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        //the unit of the duration is second
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 30;
        esp_ble_gap_start_scanning(duration);
        break;
--- a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c
+++ b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c
@@ -276,8 +276,8 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param
        ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_STOP_COMPLETE_EVT, stop scan successfully\n");
        break;
    case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: {
-        ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete\n");
-        //the unit of the duration is second
+        ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete");
+        // the unit of the duration is second, 0 means scan permanently
        uint32_t duration = 120;
        esp_ble_gap_start_scanning(duration);
        break;