Merge branch 'bugfix/blufi_config_potential_double_free' into 'master'

Bugfix/blufi config potential double free Closes BCI-249, BCI-241, BCI-244, and BT-1174 See merge request espressif/esp-idf!9980
2024-09-20 00:36:01 -04:00 · 2020-11-27 13:44:37 +08:00 · 2020-11-27 13:44:37 +08:00 · 079247b42a
commit 079247b42a
parent 4985310b29 d1bf93e055
11 changed files with 45 additions and 13 deletions
--- a/components/bt/common/btc/core/btc_task.c
+++ b/components/bt/common/btc/core/btc_task.c
@ -93,9 +93,9 @@ static const btc_func_t profile_tab[BTC_PID_NUM] = {
 #endif  ///BLE_INCLUDED == TRUE
    [BTC_PID_BLE_HID]     = {NULL, NULL},
    [BTC_PID_SPPLIKE]     = {NULL, NULL},
-#if (GATTS_INCLUDED == TRUE)
+#if (BLUFI_INCLUDED == TRUE)
    [BTC_PID_BLUFI]       = {btc_blufi_call_handler,      btc_blufi_cb_handler    },
-#endif  ///GATTS_INCLUDED == TRUE
+#endif  ///BLUFI_INCLUDED == TRUE
    [BTC_PID_DM_SEC]      = {NULL,                        btc_dm_sec_cb_handler   },
 #endif
    [BTC_PID_ALARM]       = {btc_alarm_handler,           NULL                    },
@ -303,12 +303,13 @@ static void btc_deinit_mem(void) {
        osi_free(btc_creat_tab_env_ptr);
        btc_creat_tab_env_ptr = NULL;
    }
-
+#if (BLUFI_INCLUDED == TRUE)
    if (blufi_env_ptr) {
        osi_free(blufi_env_ptr);
        blufi_env_ptr = NULL;
    }
 #endif
+#endif

 #if BTC_HF_CLIENT_INCLUDED == TRUE && HFP_DYNAMIC_MEMORY == TRUE
    if (hf_client_local_param_ptr) {
@ -357,12 +358,13 @@ static bt_status_t btc_init_mem(void) {
        goto error_exit;
    }
    memset((void *)btc_creat_tab_env_ptr, 0, sizeof(esp_btc_creat_tab_t));
-
+#if (BLUFI_INCLUDED == TRUE)
    if ((blufi_env_ptr = (tBLUFI_ENV *)osi_malloc(sizeof(tBLUFI_ENV))) == NULL) {
        goto error_exit;
    }
    memset((void *)blufi_env_ptr, 0, sizeof(tBLUFI_ENV));
 #endif
+#endif

 #if BTC_HF_CLIENT_INCLUDED == TRUE && HFP_DYNAMIC_MEMORY == TRUE
    if ((hf_client_local_param_ptr = (hf_client_local_param_t *)osi_malloc(sizeof(hf_client_local_param_t))) == NULL) {
--- a/components/bt/common/btc/include/btc/btc_task.h
+++ b/components/bt/common/btc/include/btc/btc_task.h
@ -53,7 +53,9 @@ typedef enum {
    BTC_PID_GAP_BLE,
    BTC_PID_BLE_HID,
    BTC_PID_SPPLIKE,
+#if (BLUFI_INCLUDED == TRUE)
    BTC_PID_BLUFI,
+#endif  ///BLUFI_INCLUDED == TRUE
    BTC_PID_DM_SEC,
    BTC_PID_ALARM,
 #if (CLASSIC_BT_INCLUDED == TRUE)
--- a/components/bt/host/bluedroid/Kconfig.in
+++ b/components/bt/host/bluedroid/Kconfig.in
@ -136,6 +136,13 @@ config BT_GATTS_PPCP_CHAR_GAP
        This enables "Peripheral Preferred Connection Parameters" characteristic (UUID: 0x2A04) in GAP service that has
        connection parameters like min/max connection interval, slave latency and supervision timeout multiplier

+config BT_BLE_BLUFI_ENABLE
+    bool "Include blufi function"
+    depends on BT_GATTS_ENABLE
+    default n
+    help
+        This option can be close when the app does not require blufi function.
+
 choice BT_GATTS_SEND_SERVICE_CHANGE_MODE
    prompt "GATTS Service Change Mode"
    default BT_GATTS_SEND_SERVICE_CHANGE_AUTO
--- a/components/bt/host/bluedroid/api/esp_blufi_api.c
+++ b/components/bt/host/bluedroid/api/esp_blufi_api.c
@ -23,7 +23,8 @@
 #include "osi/future.h"
 #include "btc_gatts.h"
 #include "btc_gatt_util.h"
-
+#include "common/bt_target.h"
+#if (BLUFI_INCLUDED == TRUE)
 esp_err_t esp_blufi_register_callbacks(esp_blufi_callbacks_t *callbacks)
 {
    if (esp_bluedroid_get_status() == ESP_BLUEDROID_STATUS_UNINITIALIZED) {
@ -162,3 +163,4 @@ esp_err_t esp_blufi_send_custom_data(uint8_t *data, uint32_t data_len)

    return (btc_transfer_context(&msg, &arg, sizeof(btc_blufi_args_t), btc_blufi_call_deep_copy) == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
 }
+#endif  ///BLUFI_INCLUDED == TRUE
--- a/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c
+++ b/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c
@ -306,8 +306,11 @@ void bta_gattc_clcb_dealloc(tBTA_GATTC_CLCB *p_clcb)
                p_srcb->p_srvc_cache = NULL;
            }
        }
-        osi_free(p_clcb->p_q_cmd);
-        p_clcb->p_q_cmd = NULL;
+
+        if ( p_clcb->p_q_cmd != NULL && !list_contains(p_clcb->p_cmd_list, p_clcb->p_q_cmd)){
+            osi_free(p_clcb->p_q_cmd);
+            p_clcb->p_q_cmd = NULL;
+        }
        // don't forget to clear the command queue before dealloc the clcb.
        list_clear(p_clcb->p_cmd_list);
        osi_free((void *)p_clcb->p_cmd_list);
--- a/components/bt/host/bluedroid/btc/profile/esp/blufi/blufi_prf.c
+++ b/components/bt/host/bluedroid/btc/profile/esp/blufi/blufi_prf.c
@ -38,7 +38,7 @@
 #include "esp_blufi_api.h"
 #include "esp_gatt_common_api.h"

-#if (GATTS_INCLUDED == TRUE)
+#if (BLUFI_INCLUDED == TRUE)

 #define BT_BD_ADDR_STR         "%02x:%02x:%02x:%02x:%02x:%02x"
 #define BT_BD_ADDR_HEX(addr)   addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]
@ -537,7 +537,7 @@ void btc_blufi_send_encap(uint8_t type, uint8_t *data, int total_data_len)
        }

 retry:
-        if (esp_ble_get_cur_sendable_packets_num(blufi_env.conn_id) > 0) {
+        if (esp_ble_get_cur_sendable_packets_num(BTC_GATT_GET_CONN_ID(blufi_env.conn_id)) > 0) {
            btc_blufi_send_notify((uint8_t *)hdr,
                ((hdr->fc & BLUFI_FC_CHECK) ?
                 hdr->data_len + sizeof(struct blufi_hdr) + 2 :
@ -1134,4 +1134,4 @@ uint16_t btc_blufi_get_version(void)
    return BTC_BLUFI_VERSION;
 }

-#endif	///GATTS_INCLUDED == TRUE
+#endif  ///BLUFI_INCLUDED == TRUE
--- a/components/bt/host/bluedroid/btc/profile/esp/blufi/blufi_protocol.c
+++ b/components/bt/host/bluedroid/btc/profile/esp/blufi/blufi_protocol.c
@ -34,8 +34,7 @@
 #include "blufi_int.h"

 //#include "esp_wifi.h"
-
-#if (GATTS_INCLUDED == TRUE)
+#if (BLUFI_INCLUDED == TRUE)
 // extern tBLUFI_ENV blufi_env;

 void btc_blufi_protocol_handler(uint8_t type, uint8_t *data, int len)
@ -269,4 +268,4 @@ void btc_blufi_protocol_handler(uint8_t type, uint8_t *data, int len)
    }
 }

-#endif	///(GATTS_INCLUDED == TRUE)
+#endif  ///BLUFI_INCLUDED == TRUE
--- a/components/bt/host/bluedroid/btc/profile/esp/blufi/include/blufi_int.h
+++ b/components/bt/host/bluedroid/btc/profile/esp/blufi/include/blufi_int.h
@ -15,6 +15,7 @@
 #ifndef __BLUFI_INT_H__
 #define __BLUFI_INT_H__

+#if (BLUFI_INCLUDED == TRUE)
 #define BTC_BLUFI_GREAT_VER   0x01  //Version + Subversion
 #define BTC_BLUFI_SUB_VER     0x02  //Version + Subversion
 #define BTC_BLUFI_VERSION     ((BTC_BLUFI_GREAT_VER<<8)|BTC_BLUFI_SUB_VER)  //Version + Subversion
@ -191,3 +192,4 @@ void btc_blufi_cb_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src);
 void btc_blufi_cb_deep_free(btc_msg_t *msg);

 #endif /* __BLUFI_INT_H__ */
+#endif  ///BLUFI_INCLUDED == TRUE
--- a/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h
+++ b/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h
@ -102,6 +102,13 @@
 #define UC_BT_GATTC_ENABLE                  FALSE
 #endif

+//BLUFI
+#ifdef CONFIG_BT_BLE_BLUFI_ENABLE
+#define UC_BT_BLUFI_ENABLE                  CONFIG_BT_BLE_BLUFI_ENABLE
+#else
+#define UC_BT_BLUFI_ENABLE                  FALSE
+#endif
+
 //GATTC CACHE
 #ifdef CONFIG_BT_GATTC_CACHE_NVS_FLASH
 #define UC_BT_GATTC_CACHE_NVS_FLASH_ENABLED    CONFIG_BT_GATTC_CACHE_NVS_FLASH
--- a/components/bt/host/bluedroid/common/include/common/bt_target.h
+++ b/components/bt/host/bluedroid/common/include/common/bt_target.h
@ -171,6 +171,12 @@
 #define GATTC_INCLUDED              FALSE
 #endif  /* UC_BT_GATTC_ENABLE */

+#if (UC_BT_BLUFI_ENABLE)
+#define BLUFI_INCLUDED              TRUE
+#else
+#define BLUFI_INCLUDED              FALSE
+#endif  /* UC_BT_BLUFI_ENABLE */
+
 #if (UC_BT_GATTC_ENABLE && UC_BT_GATTC_CACHE_NVS_FLASH_ENABLED)
 #define GATTC_CACHE_NVS             TRUE
 #else
--- a/examples/bluetooth/bluedroid/ble/blufi/sdkconfig.defaults
+++ b/examples/bluetooth/bluedroid/ble/blufi/sdkconfig.defaults
@ -29,3 +29,5 @@ CONFIG_BT_ACL_CONNECTIONS=4
 CONFIG_BT_ALLOCATION_FROM_SPIRAM_FIRST=n
 CONFIG_BT_BLE_DYNAMIC_ENV_MEMORY=n
 CONFIG_BT_SMP_ENABLE=n
+CONFIG_BT_BLE_BLUFI_ENABLE=y
+CONFIG_MBEDTLS_HARDWARE_MPI=n