ble_mesh: Fix mesh memory use-after-free issue

This commit is contained in:
lly 2020-03-05 02:47:37 +08:00
parent e01333514d
commit 60eaca9637

View file

@ -770,7 +770,7 @@ void bt_mesh_adv_init(void)
__ASSERT(adv_task.stack, "%s, Failed to create adv thread stack", __func__); __ASSERT(adv_task.stack, "%s, Failed to create adv thread stack", __func__);
adv_task.handle = xTaskCreateStaticPinnedToCore(adv_thread, "BLE_Mesh_ADV_Task", BLE_MESH_ADV_TASK_STACK_SIZE, NULL, adv_task.handle = xTaskCreateStaticPinnedToCore(adv_thread, "BLE_Mesh_ADV_Task", BLE_MESH_ADV_TASK_STACK_SIZE, NULL,
configMAX_PRIORITIES - 5, adv_task.stack, adv_task.task, BLE_MESH_ADV_TASK_CORE); configMAX_PRIORITIES - 5, adv_task.stack, adv_task.task, BLE_MESH_ADV_TASK_CORE);
__ASSERT(adv_task.stack, "%s, Failed to create static adv thread stack", __func__); __ASSERT(adv_task.handle, "%s, Failed to create static adv thread", __func__);
#endif #endif
} }
@ -780,6 +780,15 @@ void bt_mesh_adv_deinit(void)
return; return;
} }
vTaskDelete(adv_task.handle);
adv_task.handle = NULL;
#if CONFIG_SPIRAM_USE_MALLOC
heap_caps_free(adv_task.stack);
adv_task.stack = NULL;
heap_caps_free(adv_task.task);
adv_task.task = NULL;
#endif
#if defined(CONFIG_BLE_MESH_RELAY_ADV_BUF) #if defined(CONFIG_BLE_MESH_RELAY_ADV_BUF)
xQueueRemoveFromSet(xBleMeshQueue.queue, xBleMeshQueueSet); xQueueRemoveFromSet(xBleMeshQueue.queue, xBleMeshQueueSet);
xQueueRemoveFromSet(xBleMeshRelayQueue.queue, xBleMeshQueueSet); xQueueRemoveFromSet(xBleMeshRelayQueue.queue, xBleMeshQueueSet);
@ -811,17 +820,6 @@ void bt_mesh_adv_deinit(void)
bt_mesh_unref_buf_from_pool(&adv_buf_pool); bt_mesh_unref_buf_from_pool(&adv_buf_pool);
memset(adv_pool, 0, sizeof(adv_pool)); memset(adv_pool, 0, sizeof(adv_pool));
vTaskDelete(adv_task.handle);
adv_task.handle = NULL;
#if CONFIG_SPIRAM_USE_MALLOC
heap_caps_free(adv_task.stack);
adv_task.stack = NULL;
/* Delay certain period for free adv_task.task */
vTaskDelay(10 / portTICK_PERIOD_MS);
heap_caps_free(adv_task.task);
adv_task.task = NULL;
#endif
} }
int bt_mesh_scan_enable(void) int bt_mesh_scan_enable(void)