From 60eaca9637a56488706be4c396db7a91aff4817a Mon Sep 17 00:00:00 2001
From: lly
Date: Thu, 5 Mar 2020 02:47:37 +0800
Subject: [PATCH] ble_mesh: Fix mesh memory use-after-free issue
---
 components/bt/esp_ble_mesh/mesh_core/adv.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/components/bt/esp_ble_mesh/mesh_core/adv.c b/components/bt/esp_ble_mesh/mesh_core/adv.c
index ea3672e3c..e4cf567f7 100644
--- a/components/bt/esp_ble_mesh/mesh_core/adv.c
+++ b/components/bt/esp_ble_mesh/mesh_core/adv.c
@@ -770,7 +770,7 @@ void bt_mesh_adv_init(void)
 __ASSERT(adv_task.stack, "%s, Failed to create adv thread stack", __func__);
 adv_task.handle = xTaskCreateStaticPinnedToCore(adv_thread, "BLE_Mesh_ADV_Task", BLE_MESH_ADV_TASK_STACK_SIZE, NULL, configMAX_PRIORITIES - 5, adv_task.stack, adv_task.task, BLE_MESH_ADV_TASK_CORE);
- __ASSERT(adv_task.stack, "%s, Failed to create static adv thread stack", __func__);
+ __ASSERT(adv_task.handle, "%s, Failed to create static adv thread", __func__);
 #endif
 }
@@ -780,6 +780,15 @@ void bt_mesh_adv_deinit(void)
 return;
 }
+ vTaskDelete(adv_task.handle);
+ adv_task.handle = NULL;
+#if CONFIG_SPIRAM_USE_MALLOC
+ heap_caps_free(adv_task.stack);
+ adv_task.stack = NULL;
+ heap_caps_free(adv_task.task);
+ adv_task.task = NULL;
+#endif
+
 #if defined(CONFIG_BLE_MESH_RELAY_ADV_BUF)
 xQueueRemoveFromSet(xBleMeshQueue.queue, xBleMeshQueueSet);
 xQueueRemoveFromSet(xBleMeshRelayQueue.queue, xBleMeshQueueSet);
@@ -811,17 +820,6 @@ void bt_mesh_adv_deinit(void)
 bt_mesh_unref_buf_from_pool(&adv_buf_pool);
 memset(adv_pool, 0, sizeof(adv_pool));
-
- vTaskDelete(adv_task.handle);
- adv_task.handle = NULL;
-#if CONFIG_SPIRAM_USE_MALLOC
- heap_caps_free(adv_task.stack);
- adv_task.stack = NULL;
- /* Delay certain period for free adv_task.task */
- vTaskDelay(10 / portTICK_PERIOD_MS);
- heap_caps_free(adv_task.task);
- adv_task.task = NULL;
-#endif
 }
 int bt_mesh_scan_enable(void)
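Review bot: The second hunk (bt_mesh_adv_deinit, +780) frees adv_task.stack and adv_task.task straight after vTaskDelete(adv_task.handle) with no wait in between, while the old code removed in the third hunk kept a vTaskDelay for exactly that free. If the adv task can be executing on another core when deinit runs, the kernel may still reference its TCB and stack after vTaskDelete returns, so the immediate heap_caps_free could itself become a use-after-free; this is inferred, because adv_thread and the port's delete path are outside the hunk. Either keep a synchronisation point before the two frees or record why none is needed, for example `/* adv task cannot be running on another core here, so its TCB and stack may be freed at once */`. vTaskDelete(NULL) deletes the calling task, so unless the early return above the hunk already guarantees a valid handle, a guard such as `if (adv_task.handle) { vTaskDelete(adv_task.handle); }` would be safer. The function body starts and ends outside the hunk.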