components/bt: Fix a probable memory leak for BTA_GATTS_CONF_EVT event (backport v3.1)

Multiple modules register their callback BTA_GATTS_AppRegister().

If any of the callbacks do not free the allocated pointer in
BTA_GATTS_CONF_EVT event, then this can result in memory leak.

So, free the pointer after the callback function is called and remove
the calls to free in the callback functions as it is now not required

Signed-off-by: Hrishikesh Dhayagude <hrishi@espressif.com>
This commit is contained in:
Hrishikesh Dhayagude 2018-08-08 14:16:03 +05:30
parent 7cd75f30f2
commit 7ffd68cac2
3 changed files with 5 additions and 7 deletions

View file

@ -702,6 +702,10 @@ void bta_gatts_indicate_handle (tBTA_GATTS_CB *p_cb, tBTA_GATTS_DATA *p_msg)
APPL_TRACE_ERROR("%s, malloc failed", __func__); APPL_TRACE_ERROR("%s, malloc failed", __func__);
} }
(*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data); (*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);
if (cb_data.req_data.value != NULL) {
osi_free(cb_data.req_data.value);
cb_data.req_data.value = NULL;
}
} }
} else { } else {
APPL_TRACE_ERROR("Not an registered servce attribute ID: 0x%04x", APPL_TRACE_ERROR("Not an registered servce attribute ID: 0x%04x",

View file

@ -209,10 +209,7 @@ static void blufi_profile_cb(tBTA_GATTS_EVT event, tBTA_GATTS *p_data)
blufi_env.frag_size = p_data->req_data.p_data->mtu - BLUFI_MTU_RESERVED_SIZE; blufi_env.frag_size = p_data->req_data.p_data->mtu - BLUFI_MTU_RESERVED_SIZE;
break; break;
case BTA_GATTS_CONF_EVT: case BTA_GATTS_CONF_EVT:
BLUFI_TRACE_DEBUG("CONIRM EVT\n"); BLUFI_TRACE_DEBUG("CONFIRM EVT\n");
if (p_data && p_data->req_data.value){
osi_free(p_data->req_data.value);
}
/* Nothing */ /* Nothing */
break; break;
case BTA_GATTS_CREATE_EVT: case BTA_GATTS_CREATE_EVT:

View file

@ -530,9 +530,6 @@ static void btc_gatts_cb_param_copy_free(btc_msg_t *msg, tBTA_GATTS *p_data)
} }
break; break;
case BTA_GATTS_CONF_EVT: case BTA_GATTS_CONF_EVT:
if (p_data && p_data->req_data.value){
osi_free(p_data->req_data.value);
}
break; break;
default: default:
break; break;