From be5aa8712b793f4a758a4db8029893c91cdbbfe7 Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:13:21 +0800 Subject: [PATCH 1/4] fix(ble/bluedroid): Fixed BLE crash when disable bluedroid host (cherry picked from commit 9dfa6ab0e91347f7376a87561a818b08b32f1974) Co-authored-by: zhanghaipeng --- components/bt/common/btc/core/btc_manage.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/components/bt/common/btc/core/btc_manage.c b/components/bt/common/btc/core/btc_manage.c index 52aa837b99..e65e107988 100644 --- a/components/bt/common/btc/core/btc_manage.c +++ b/components/bt/common/btc/core/btc_manage.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -16,6 +16,12 @@ void **btc_profile_cb_tab; void esp_profile_cb_reset(void) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return; + } + #endif + int i; for (i = 0; i < BTC_PID_NUM; i++) { @@ -25,6 +31,12 @@ void esp_profile_cb_reset(void) int btc_profile_cb_set(btc_pid_t profile_id, void *cb) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return -1; + } + #endif + if (profile_id < 0 || profile_id >= BTC_PID_NUM) { return -1; } @@ -36,6 +48,12 @@ int btc_profile_cb_set(btc_pid_t profile_id, void *cb) void *btc_profile_cb_get(btc_pid_t profile_id) { + #if BTC_DYNAMIC_MEMORY == TRUE + if (btc_profile_cb_tab == NULL) { + return NULL; + } + #endif + if (profile_id < 0 || profile_id >= BTC_PID_NUM) { return NULL; } From 1660aa1a84c149a8bd289ef01540cf5d5ad14e7d Mon Sep 17 00:00:00 2001 
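Review bot: The new `btc_profile_cb_tab == NULL` guards in `esp_profile_cb_reset`, `btc_profile_cb_set` and `btc_profile_cb_get` test the global and then index it again a few lines later, so they only help if nothing can release the table between the check and the access. Whether the host-disable path that frees the table can run in a different task from the callers is not visible in this patch. If it can, the check narrows the window but does not close it, and the functions should say which context they rely on, e.g. `/* btc_profile_cb_tab is NULL before init and after deinit when BTC_DYNAMIC_MEMORY is TRUE; callers must be serialized with deinit */`. `btc_profile_cb_set` now returns -1 for both a bad `profile_id` and a torn-down host, so a caller that ignores the result loses its registration silently; a trace in the NULL branch would make that visible. The same point applies to all three hunks, whose function bodies continue outside them.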
From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:13:24 +0800 Subject: [PATCH 2/4] fix(ble/bluedroid): Fix missing event reporting in `esp_ble_create_sc_oob_data` (cherry picked from commit f291725936624574e1dead516eca240f0bcdd637) Co-authored-by: zhanghaipeng --- .../bt/host/bluedroid/stack/btm/btm_ble.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/components/bt/host/bluedroid/stack/btm/btm_ble.c b/components/bt/host/bluedroid/stack/btm/btm_ble.c index a69c1f0f2f..2d5e826f20 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/host/bluedroid/stack/btm/btm_ble.c @@ -2289,17 +2289,16 @@ UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) } - } else { - if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) { - tBTM_LE_EVT_DATA evt_data; - memcpy(&evt_data.local_oob_data, &p_data->loc_oob_data, sizeof(tSMP_LOC_OOB_DATA)); - if (btm_cb.api.p_le_callback) { - (*btm_cb.api.p_le_callback)(event, bd_addr, &evt_data); - } - } else { - BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); + } + + if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) { + tBTM_LE_EVT_DATA evt_data; + memcpy(&evt_data.local_oob_data, &p_data->loc_oob_data, sizeof(tSMP_LOC_OOB_DATA)); + if (btm_cb.api.p_le_callback) { + (*btm_cb.api.p_le_callback)(event, bd_addr, &evt_data); } } + return 0; } #endif ///SMP_INCLUDED == TRUE From 3a16029484678d0e75e5eebb8f9d790d50cbc8fa Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Mon, 7 Apr 2025 21:13:26 +0800 Subject: [PATCH 3/4] fix(ble/bluedrooid): Fixed memory leak issue when deinit the host (cherry picked from commit 6becf74cbb86df03c202f0df66b9e418464a76a8) Co-authored-by: zhanghaipeng --- components/bt/host/bluedroid/device/controller.c | 13 ++++++++++++- components/bt/host/bluedroid/main/bte_main.c | 10 +++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) 
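Review bot: Removing the `else` branch also removes `BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device")`, so SMP events that previously produced that diagnostic are now dropped without a trace. Keeping it for the non-OOB case preserves the signal: `else if (event != SMP_SC_LOC_OOB_DATA_UP_EVT) { BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); }`. The relocated block dereferences `p_data` without a NULL check and fills only `local_oob_data` in the uninitialized `evt_data`. The copy also stays on the stack after the callback returns; if `tSMP_LOC_OOB_DATA` carries pairing secrets (its definition is not shown here), clearing `evt_data` after the callback would be worth adding. btm_proc_smp_cback starts outside the hunk, so whether the preceding branch can already forward this event, and so report it twice, cannot be checked from here.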
diff --git a/components/bt/host/bluedroid/device/controller.c b/components/bt/host/bluedroid/device/controller.c index 2e4fd9d3ba..0a60bb4da4 100644 --- a/components/bt/host/bluedroid/device/controller.c +++ b/components/bt/host/bluedroid/device/controller.c @@ -96,6 +96,7 @@ static controller_local_param_t *controller_param_ptr; #define AWAIT_COMMAND(command) future_await(controller_param.hci->transmit_command_futured(command)) +static bool loaded = false; // Module lifecycle functions static void start_up(void) @@ -322,6 +323,17 @@ static void shut_down(void) controller_param.readable = false; } +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) +void free_controller_param(void) +{ + if (controller_param_ptr) { + osi_free(controller_param_ptr); + controller_param_ptr = NULL; + loaded = false; + } +} +#endif + static bool get_is_ready(void) { return controller_param.readable; @@ -598,7 +610,6 @@ static const controller_t interface = { const controller_t *controller_get_interface(void) { - static bool loaded = false; if (!loaded) { loaded = true; #if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) diff --git a/components/bt/host/bluedroid/main/bte_main.c b/components/bt/host/bluedroid/main/bte_main.c index c47bdc15f9..c974037ef9 100644 --- a/components/bt/host/bluedroid/main/bte_main.c +++ b/components/bt/host/bluedroid/main/bte_main.c @@ -64,6 +64,9 @@ static void bte_main_enable(void); bluedroid_init_done_cb_t bluedroid_init_done_cb; extern void osi_mem_dbg_init(void); +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) +extern void free_controller_param(void); +#endif /****************************************************************************** ** ** Function bte_main_boot_entry @@ -85,7 +88,7 @@ int bte_main_boot_entry(bluedroid_init_done_cb_t cb) osi_init(); - //Enbale HCI + //Enable HCI bte_main_enable(); return 0; 
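Review bot: `free_controller_param` frees `controller_param_ptr` and sets it to NULL, but accessors such as `get_is_ready` still read `controller_param.readable` with no guard, and the `interface` table handed out by `controller_get_interface` remains in callers' hands. If `controller_param` resolves to `*controller_param_ptr` under BT_BLE_DYNAMIC_ENV_MEMORY (the macro is outside these hunks), any call through a cached interface pointer after deinit dereferences NULL. A comment on the function should state that contract, e.g. `/* Must be called only after every user of controller_get_interface() has stopped; accessors are invalid until the next controller_get_interface() call. */`. The function is also exported through a bare `extern` in bte_main.c with an unprefixed name; declaring it in the controller's own header would let the compiler check the prototype against the definition.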
@@ -105,6 +108,11 @@ void bte_main_shutdown(void) #if (BLE_INCLUDED == TRUE) BTA_VendorCleanup(); #endif + +#if (BT_BLE_DYNAMIC_ENV_MEMORY == TRUE) + free_controller_param(); +#endif + bte_main_disable(); osi_deinit(); From 287f45ad8b22df97734897a35ab778353b5bec60 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Thu, 20 Mar 2025 20:01:09 +0800 Subject: [PATCH 4/4] fix(ble/bluedroid): Fix potential uint32_t overflow in BLE btu_start_timer --- .../host/bluedroid/api/include/api/esp_gap_ble_api.h | 3 ++- components/bt/host/bluedroid/stack/btu/btu_task.c | 2 +- .../ble_eddystone_receiver/main/esp_eddystone_demo.c | 11 ++++++----- .../bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c | 2 +- .../ble/ble_spp_client/main/spp_client_demo.c | 7 +++---- .../bluedroid/ble/gatt_client/main/gattc_demo.c | 4 +++- .../main/example_ble_sec_gattc_demo.c | 2 +- .../gattc_multi_connect/main/gattc_multi_connect.c | 2 +- .../coex/gattc_gatts_coex/main/gattc_gatts_coex.c | 4 ++-- 9 files changed, 20 insertions(+), 17 deletions(-) diff --git a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h index 69d1ca59f3..acde69b1aa 100644 --- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h @@ -1661,7 +1661,8 @@ esp_err_t esp_ble_gap_set_scan_params(esp_ble_scan_params_t *scan_params); /** * @brief This procedure keep the device scanning the peer device which advertising on the air * - * @param[in] duration: Keeping the scanning time, the unit is second. + * @param[in] duration: The scanning duration in seconds. + * Set to 0 for continuous scanning until explicitly stopped. * * @return * - ESP_OK : success diff --git a/components/bt/host/bluedroid/stack/btu/btu_task.c b/components/bt/host/bluedroid/stack/btu/btu_task.c index 6125f3e95f..528f17efb4 100644 --- a/components/bt/host/bluedroid/stack/btu/btu_task.c 
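Review bot: In `bte_main_shutdown` the new `free_controller_param();` runs before `bte_main_disable();`, so the controller state is released while the HCI layer is still up and about to be torn down. If anything on the disable path still reads controller state through the interface (that code is not visible here), it will touch freed or NULL memory. Placing the call after the disable step, `bte_main_disable();` followed by `free_controller_param();`, or adding a comment that explains why the earlier position is safe, would settle it. The function body continues outside the hunk.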
+++ b/components/bt/host/bluedroid/stack/btu/btu_task.c @@ -448,7 +448,7 @@ void btu_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout_sec) // NOTE: This value is in seconds but stored in a ticks field. p_tle->ticks = timeout_sec; p_tle->in_use = TRUE; - osi_alarm_set(alarm, (period_ms_t)(timeout_sec * 1000)); + osi_alarm_set(alarm, (period_ms_t)((period_ms_t)timeout_sec * 1000)); } diff --git a/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c b/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c index 71ce556515..099f559c43 100644 --- a/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_eddystone_receiver/main/esp_eddystone_demo.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -52,9 +52,9 @@ static void esp_eddystone_show_inform(const esp_eddystone_result_t* res) ESP_LOGI(DEMO_TAG, "Eddystone UID inform:"); ESP_LOGI(DEMO_TAG, "Measured power(RSSI at 0m distance):%d dbm", res->inform.uid.ranging_data); ESP_LOGI(DEMO_TAG, "EDDYSTONE_DEMO: Namespace ID:0x"); - esp_log_buffer_hex(DEMO_TAG, res->inform.uid.namespace_id, 10); + ESP_LOG_BUFFER_HEX(DEMO_TAG, res->inform.uid.namespace_id, 10); ESP_LOGI(DEMO_TAG, "EDDYSTONE_DEMO: Instance ID:0x"); - esp_log_buffer_hex(DEMO_TAG, res->inform.uid.instance_id, 6); + ESP_LOG_BUFFER_HEX(DEMO_TAG, res->inform.uid.instance_id, 6); break; } case EDDYSTONE_FRAME_TYPE_URL: { @@ -84,6 +84,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par switch(event) { case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 0; esp_ble_gap_start_scanning(duration); break; 
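Review bot: The widening in `(period_ms_t)timeout_sec * 1000` prevents the 32-bit wrap only if `period_ms_t` is wider than `UINT32`, and its typedef is not part of this patch. A compile-time check next to the call, such as `_Static_assert(sizeof(period_ms_t) > sizeof(UINT32), "period_ms_t must hold timeout_sec * 1000");`, would stop the fix from silently regressing if the type ever changes. The outer `(period_ms_t)` cast is now redundant and can be dropped. The result of `osi_alarm_set` is still ignored after `p_tle->in_use = TRUE`, so if the call can fail, the entry stays marked active with no alarm armed. btu_start_timer begins outside the hunk.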
@@ -111,10 +112,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t* par return; } else { // The received adv data is a correct eddystone frame packet. - // Here, we get the eddystone infomation in eddystone_res, we can use the data in res to do other things. + // Here, we get the eddystone information in eddystone_res, we can use the data in res to do other things. // For example, just print them: ESP_LOGI(DEMO_TAG, "--------Eddystone Found----------"); - esp_log_buffer_hex("EDDYSTONE_DEMO: Device address:", scan_result->scan_rst.bda, ESP_BD_ADDR_LEN); + ESP_LOG_BUFFER_HEX("EDDYSTONE_DEMO: Device address:", scan_result->scan_rst.bda, ESP_BD_ADDR_LEN); ESP_LOGI(DEMO_TAG, "RSSI of packet:%d dbm", scan_result->scan_rst.rssi); esp_eddystone_show_inform(&eddystone_res); } diff --git a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c index 058aa93673..070cc23798 100644 --- a/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_ibeacon/main/ibeacon_demo.c @@ -73,7 +73,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par } case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { #if (IBEACON_MODE == IBEACON_RECEIVER) - //the unit of the duration is second, 0 means scan permanently + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 0; esp_ble_gap_start_scanning(duration); #endif diff --git a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c index 541a7c6951..65b2acd20c 100644 --- a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c 
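Review bot: In `ESP_LOG_BUFFER_HEX("EDDYSTONE_DEMO: Device address:", scan_result->scan_rst.bda, ESP_BD_ADDR_LEN)` the first argument is the log tag, so the address dump is emitted under a tag other than `DEMO_TAG` and is not covered by a log-level setting applied to the demo's tag. Since the line is being changed anyway, it could follow the pattern the same patch uses in `esp_eddystone_show_inform`: `ESP_LOGI(DEMO_TAG, "Device address:");` followed by `ESP_LOG_BUFFER_HEX(DEMO_TAG, scan_result->scan_rst.bda, ESP_BD_ADDR_LEN);`. The enclosing esp_gap_cb starts and ends outside the hunk.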
@@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -216,9 +216,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par ESP_LOGE(GATTC_TAG, "Scan param set failed: %s", esp_err_to_name(err)); break; } - //the unit of the duration is second - uint32_t duration = 0xFFFF; - ESP_LOGI(GATTC_TAG, "Enable Ble Scan:during time %04" PRIx32 " minutes.",duration); + // the unit of the duration is second, 0 means scan permanently + uint32_t duration = 0; esp_ble_gap_start_scanning(duration); break; } diff --git a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c index 43873a8bbf..30fdb6862f 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c @@ -315,7 +315,9 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par uint8_t adv_name_len = 0; switch (event) { case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // The unit of duration is seconds. + // If duration is set to 0, scanning will continue indefinitely + // until esp_ble_gap_stop_scanning is explicitly called. uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c index d03211f184..cefcaa06a7 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c 
@@ -379,7 +379,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par } break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c index 2467750c23..a3d7ca60a1 100644 --- a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c +++ b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c @@ -750,7 +750,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par param->update_conn_params.timeout); break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - //the unit of the duration is second + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 30; esp_ble_gap_start_scanning(duration); break; diff --git a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c index 2783df1a18..52c756a9a1 100644 --- a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c +++ b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c 
@@ -276,8 +276,8 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_STOP_COMPLETE_EVT, stop scan successfully\n"); break; case ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT: { - ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete\n"); - //the unit of the duration is second + ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan sparameters complete"); + // the unit of the duration is second, 0 means scan permanently uint32_t duration = 120; esp_ble_gap_start_scanning(duration); break;
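Review bot: The rewritten log string still reads "set scan sparameters complete". As the line is already being edited to drop the trailing newline, the typo can be fixed in the same change: `ESP_LOGI(COEX_TAG, "ESP_GAP_BLE_SCAN_PARAM_SET_COMPLETE_EVT, set scan parameters complete");`. The `ESP_GAP_BLE_SCAN_STOP_COMPLETE_EVT` message in the context lines above still ends in `\n`, so the two neighbouring messages are now inconsistent. gap_event_handler continues outside the hunk.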