feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

fix(bt/bluedroid): Fix some bugs in PBAP client

Browse Source 
- Supported feature not set correctly
- Array access out of bounds issue
- Type conversion warning
This commit is contained in:
linruihao
2025-01-23 16:27:38 +08:00
parent 265e73de2d
commit 42ddce477f
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/bt/host/bluedroid/bta/pba/bta_pba_client_act.c
View File

@@ -334,7 +334,7 @@ static void goep_event_callback(UINT16 handle, UINT8 event, tGOEPC_MSG *p_msg)
switch (event) switch (event)
{ {
case GOEPC_OPENED_EVT: case GOEPC_OPENED_EVT:
p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_CONNECT)); p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
assert(p_data != NULL); assert(p_data != NULL);
p_data->goep_connect.hdr.event = BTA_PBA_CLIENT_GOEP_CONNECT_EVT; p_data->goep_connect.hdr.event = BTA_PBA_CLIENT_GOEP_CONNECT_EVT;
p_data->goep_connect.hdr.layer_specific = handle; p_data->goep_connect.hdr.layer_specific = handle;
@@ -342,14 +342,14 @@ static void goep_event_callback(UINT16 handle, UINT8 event, tGOEPC_MSG *p_msg)
p_data->goep_connect.peer_mtu = p_msg->opened.peer_mtu; p_data->goep_connect.peer_mtu = p_msg->opened.peer_mtu;
break; break;
case GOEPC_CLOSED_EVT: case GOEPC_CLOSED_EVT:
p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_DISCONNECT)); p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
assert(p_data != NULL); assert(p_data != NULL);
p_data->goep_disconnect.hdr.event = BTA_PBA_CLIENT_GOEP_DISCONNECT_EVT; p_data->goep_disconnect.hdr.event = BTA_PBA_CLIENT_GOEP_DISCONNECT_EVT;
p_data->goep_disconnect.hdr.layer_specific = handle; p_data->goep_disconnect.hdr.layer_specific = handle;
p_data->goep_disconnect.reason = p_msg->closed.reason; p_data->goep_disconnect.reason = p_msg->closed.reason;
break; break;
case GOEPC_RESPONSE_EVT: case GOEPC_RESPONSE_EVT:
p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_RESPONSE)); p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
assert(p_data != NULL); assert(p_data != NULL);
p_data->goep_response.hdr.layer_specific = handle; p_data->goep_response.hdr.layer_specific = handle;
p_data->goep_response.pkt = p_msg->response.pkt; p_data->goep_response.pkt = p_msg->response.pkt;

1
components/bt/host/bluedroid/bta/pba/bta_pba_client_api.c
View File

@@ -80,6 +80,7 @@ void BTA_PbaClientOpen(BD_ADDR bd_addr, tBTA_SEC sec_mask, UINT32 supported_feat
if ((p_buf = (tBTA_PBA_CLIENT_API_OPEN *)osi_malloc(sizeof(tBTA_PBA_CLIENT_API_OPEN))) != NULL) { if ((p_buf = (tBTA_PBA_CLIENT_API_OPEN *)osi_malloc(sizeof(tBTA_PBA_CLIENT_API_OPEN))) != NULL) {
p_buf->hdr.event = BTA_PBA_CLIENT_API_OPEN_EVT; p_buf->hdr.event = BTA_PBA_CLIENT_API_OPEN_EVT;
p_buf->sec_mask = sec_mask; p_buf->sec_mask = sec_mask;
p_buf->supported_feat = supported_feat;
p_buf->mtu = mtu; p_buf->mtu = mtu;
bdcpy(p_buf->bd_addr, bd_addr); bdcpy(p_buf->bd_addr, bd_addr);
bta_sys_sendmsg(p_buf); bta_sys_sendmsg(p_buf);

5
components/bt/host/bluedroid/bta/pba/bta_pba_client_sdp.c
View File

@@ -214,8 +214,8 @@ BOOLEAN bta_pba_client_do_disc(tBTA_PBA_CLIENT_CCB *p_ccb)
{ {
tSDP_UUID uuid_list[1]; tSDP_UUID uuid_list[1];
UINT16 num_uuid = 1; UINT16 num_uuid = 1;
UINT16 attr_list[4]; UINT16 attr_list[6];
UINT8 num_attr; UINT8 num_attr = 6;
BOOLEAN db_inited = FALSE; BOOLEAN db_inited = FALSE;
/* get proto list and features */ /* get proto list and features */
@@ -225,7 +225,6 @@ BOOLEAN bta_pba_client_do_disc(tBTA_PBA_CLIENT_CCB *p_ccb)
attr_list[3] = ATTR_ID_GOEP_L2CAP_PSM; attr_list[3] = ATTR_ID_GOEP_L2CAP_PSM;
attr_list[4] = ATTR_ID_SUPPORTED_REPOSITORIES; attr_list[4] = ATTR_ID_SUPPORTED_REPOSITORIES;
attr_list[5] = ATTR_ID_PBAP_SUPPORTED_FEATURES; attr_list[5] = ATTR_ID_PBAP_SUPPORTED_FEATURES;
num_attr = 6;
uuid_list[0].uu.uuid16 = UUID_SERVCLASS_PBAP_PSE; uuid_list[0].uu.uuid16 = UUID_SERVCLASS_PBAP_PSE;
uuid_list[0].len = LEN_UUID_16; uuid_list[0].len = LEN_UUID_16;