Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

components/bt: Fix btc_gatts_arg_deep_copy() and bta_gatts_indicate_handle()

Browse source
This commit is contained in:
Hrishikesh Dhayagude 2018-11-06 21:01:54 +08:00 committed by liminyang
parent 1503a8951e
commit 4228e2e62e
2 changed files with 84 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
components/bt/bluedroid/bta/gatt/bta_gatts_act.c
View file

@ -692,17 +692,26 @@ void bta_gatts_indicate_handle (tBTA_GATTS_CB *p_cb, tBTA_GATTS_DATA *p_msg)
p_rcb && p_cb->rcb[p_srvc_cb->rcb_idx].p_cback) { p_rcb && p_cb->rcb[p_srvc_cb->rcb_idx].p_cback) {
cb_data.req_data.status = status; cb_data.req_data.status = status;
cb_data.req_data.conn_id = p_msg->api_indicate.hdr.layer_specific; cb_data.req_data.conn_id = p_msg->api_indicate.hdr.layer_specific;
cb_data.req_data.value = NULL;
cb_data.req_data.data_len = 0;
cb_data.req_data.handle = p_msg->api_indicate.attr_id; cb_data.req_data.handle = p_msg->api_indicate.attr_id;
cb_data.req_data.value = (uint8_t *)osi_malloc(p_msg->api_indicate.len); if (p_msg->api_indicate.value && (p_msg->api_indicate.len > 0)) {
if (cb_data.req_data.value != NULL){ cb_data.req_data.value = (uint8_t *) osi_malloc(p_msg->api_indicate.len);
if (cb_data.req_data.value != NULL) {
memset(cb_data.req_data.value, 0, p_msg->api_indicate.len); memset(cb_data.req_data.value, 0, p_msg->api_indicate.len);
cb_data.req_data.data_len = p_msg->api_indicate.len; cb_data.req_data.data_len = p_msg->api_indicate.len;
memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len); memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len);
}else{ } else {
cb_data.req_data.data_len = 0;
APPL_TRACE_ERROR("%s, malloc failed", __func__); APPL_TRACE_ERROR("%s, malloc failed", __func__);
} }
} else {
if (p_msg->api_indicate.value) {
APPL_TRACE_ERROR("%s, incorrect length", __func__);
} else {
APPL_TRACE_WARNING("%s, NULL value", __func__);
}
}
(*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data); (*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);
if (cb_data.req_data.value != NULL) { if (cb_data.req_data.value != NULL) {
osi_free(cb_data.req_data.value); osi_free(cb_data.req_data.value);

83
components/bt/bluedroid/btc/profile/std/gatt/btc_gatts.c
View file

@ -81,72 +81,105 @@ void btc_gatts_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
switch (msg->act) { switch (msg->act) {
case BTC_GATTS_ACT_SEND_INDICATE: { case BTC_GATTS_ACT_SEND_INDICATE: {
dst->send_ind.value = (uint8_t *)osi_malloc(src->send_ind.value_len); if (src->send_ind.value && (src->send_ind.value_len > 0)) {
dst->send_ind.value = (uint8_t *) osi_malloc(src->send_ind.value_len);
if (dst->send_ind.value) { if (dst->send_ind.value) {
memcpy(dst->send_ind.value, src->send_ind.value, src->send_ind.value_len); memcpy(dst->send_ind.value, src->send_ind.value, src->send_ind.value_len);
} else { } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
} }
} else {
dst->send_ind.value = NULL;
if (src->send_ind.value) {
BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
} else {
BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
}
}
break; break;
} }
case BTC_GATTS_ACT_SEND_RESPONSE: { case BTC_GATTS_ACT_SEND_RESPONSE: {
if (src->send_rsp.rsp) { if (src->send_rsp.rsp) {
dst->send_rsp.rsp = (esp_gatt_rsp_t *)osi_malloc(sizeof(esp_gatt_rsp_t)); dst->send_rsp.rsp = (esp_gatt_rsp_t *) osi_malloc(sizeof(esp_gatt_rsp_t));
if (dst->send_rsp.rsp) { if (dst->send_rsp.rsp) {
memcpy(dst->send_rsp.rsp, src->send_rsp.rsp, sizeof(esp_gatt_rsp_t)); memcpy(dst->send_rsp.rsp, src->send_rsp.rsp, sizeof(esp_gatt_rsp_t));
} else { } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
} }
} else {
BTC_TRACE_WARNING("%s %d, NULL response", __func__, msg->act);
} }
break; break;
} }
case BTC_GATTS_ACT_ADD_CHAR:{ case BTC_GATTS_ACT_ADD_CHAR: {
if (src->add_char.char_val.attr_value != NULL){ if (src->add_char.char_val.attr_value && (src->add_char.char_val.attr_len > 0)) {
dst->add_char.char_val.attr_value = (uint8_t *)osi_malloc(src->add_char.char_val.attr_len); dst->add_char.char_val.attr_value = (uint8_t *) osi_malloc(src->add_char.char_val.attr_len);
if(dst->add_char.char_val.attr_value != NULL){ if (dst->add_char.char_val.attr_value) {
memcpy(dst->add_char.char_val.attr_value, src->add_char.char_val.attr_value, memcpy(dst->add_char.char_val.attr_value, src->add_char.char_val.attr_value,
src->add_char.char_val.attr_len); src->add_char.char_val.attr_len);
}else{ } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
} }
} else {
dst->add_char.char_val.attr_value = NULL;
if (src->add_char.char_val.attr_value) {
BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
} else {
BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
}
} }
break; break;
} }
case BTC_GATTS_ACT_ADD_CHAR_DESCR:{ case BTC_GATTS_ACT_ADD_CHAR_DESCR: {
if(src->add_descr.descr_val.attr_value != NULL){ if (src->add_descr.descr_val.attr_value && (src->add_descr.descr_val.attr_len > 0)) {
dst->add_descr.descr_val.attr_value = (uint8_t *)osi_malloc(src->add_descr.descr_val.attr_len); dst->add_descr.descr_val.attr_value = (uint8_t *) osi_malloc(src->add_descr.descr_val.attr_len);
if(dst->add_descr.descr_val.attr_value != NULL){ if (dst->add_descr.descr_val.attr_value) {
memcpy(dst->add_descr.descr_val.attr_value, src->add_descr.descr_val.attr_value, memcpy(dst->add_descr.descr_val.attr_value, src->add_descr.descr_val.attr_value,
src->add_descr.descr_val.attr_len); src->add_descr.descr_val.attr_len);
}else{ } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
} }
} else {
dst->add_descr.descr_val.attr_value = NULL;
if (src->add_descr.descr_val.attr_value) {
BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
} else {
BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
}
} }
break; break;
} }
case BTC_GATTS_ACT_CREATE_ATTR_TAB:{ case BTC_GATTS_ACT_CREATE_ATTR_TAB: {
uint8_t num_attr = src->create_attr_tab.max_nb_attr; uint8_t num_attr = src->create_attr_tab.max_nb_attr;
if(src->create_attr_tab.gatts_attr_db != NULL){ if (src->create_attr_tab.gatts_attr_db && (num_attr > 0)) {
dst->create_attr_tab.gatts_attr_db = (esp_gatts_attr_db_t *)osi_malloc(sizeof(esp_gatts_attr_db_t)*num_attr); dst->create_attr_tab.gatts_attr_db = (esp_gatts_attr_db_t *) osi_malloc(sizeof(esp_gatts_attr_db_t) * num_attr);
if(dst->create_attr_tab.gatts_attr_db != NULL){ if (dst->create_attr_tab.gatts_attr_db) {
memcpy(dst->create_attr_tab.gatts_attr_db, src->create_attr_tab.gatts_attr_db, memcpy(dst->create_attr_tab.gatts_attr_db, src->create_attr_tab.gatts_attr_db,
sizeof(esp_gatts_attr_db_t)*num_attr); sizeof(esp_gatts_attr_db_t) * num_attr);
}else{ } else {
BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act);
} }
} else {
BTC_TRACE_ERROR("%s %d, NULL data", __func__, msg->act);
} }
break; break;
} }
case BTC_GATTS_ACT_SET_ATTR_VALUE:{ case BTC_GATTS_ACT_SET_ATTR_VALUE: {
uint16_t len = src->set_attr_val.length; if (src->set_attr_val.value && (src->set_attr_val.length > 0)) {
if(src->set_attr_val.value){ dst->set_attr_val.value = (uint8_t *) osi_malloc(src->set_attr_val.length);
dst->set_attr_val.value = (uint8_t *)osi_malloc(len); if (dst->set_attr_val.value) {
if(dst->set_attr_val.value != NULL){ memcpy(dst->set_attr_val.value, src->set_attr_val.value, src->set_attr_val.length);
memcpy(dst->set_attr_val.value, src->set_attr_val.value, len); } else {
}else{
BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act); BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act);
} }
} else {
dst->set_attr_val.value = NULL;
if (src->set_attr_val.value) {
BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
} else {
BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
}
} }
break; break;
} }