From 4c6aad37f669f77a6365417da8e946679c700d22 Mon Sep 17 00:00:00 2001
From: Jin Cheng
Date: Tue, 3 Jan 2023 15:04:05 +0800
Subject: [PATCH] Fixed crash caused by accessing nullptr in `btm_acl_disconnected`
---
 .../bt/host/bluedroid/stack/btm/btm_acl.c | 38 +++++++++++--------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/components/bt/host/bluedroid/stack/btm/btm_acl.c b/components/bt/host/bluedroid/stack/btm/btm_acl.c
index e97274b946..2c82cc283f 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_acl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c
@@ -2657,29 +2657,37 @@ void btm_acl_connected(BD_ADDR bda, UINT16 handle, UINT8 link_type, UINT8 enc_mo
 *******************************************************************************/
 void btm_acl_disconnected(UINT16 handle, UINT8 reason)
 {
+ BOOLEAN need_report = TRUE;
+
 #if BTM_SCO_INCLUDED == TRUE
 /* If L2CAP doesn't know about it, send it to SCO */
 if (!l2c_link_hci_disc_comp (handle, reason)) {
 btm_sco_removed (handle, reason);
+ need_report = FALSE;
 }
 #else
- /* Report BR/EDR ACL disconnection result to upper layer */
- tACL_CONN *conn = btm_handle_to_acl(handle);
-#if BLE_INCLUDED == TRUE
- if (conn->transport == BT_TRANSPORT_BR_EDR)
-#endif
- {
- tBTM_ACL_LINK_STAT_EVENT_DATA evt_data = {
- .event = BTM_ACL_DISCONN_CMPL_EVT,
- .link_act.disconn_cmpl.reason = reason,
- .link_act.disconn_cmpl.handle = handle,
- };
- bdcpy(evt_data.link_act.disconn_cmpl.bd_addr, conn->remote_addr);
- btm_acl_link_stat_report(&evt_data);
- }
-
 l2c_link_hci_disc_comp(handle, reason);
 #endif /* BTM_SCO_INCLUDED */
+
+ if (need_report) {
+ /* Report BR/EDR ACL disconnection result to upper layer */
+ tACL_CONN *conn = btm_handle_to_acl(handle);
+ if (conn) {
+#if BLE_INCLUDED == TRUE
+ if (conn->transport == BT_TRANSPORT_BR_EDR)
+#endif
+ {
+ tBTM_ACL_LINK_STAT_EVENT_DATA evt_data = {
+ .event = BTM_ACL_DISCONN_CMPL_EVT,
+ .link_act.disconn_cmpl.reason = reason,
+ .link_act.disconn_cmpl.handle = handle,
+ };
+ bdcpy(evt_data.link_act.disconn_cmpl.bd_addr, conn->remote_addr);
+ btm_acl_link_stat_report(&evt_data);
+ }
+ }
+ }
+
 #if (SMP_INCLUDED == TRUE)
 /* Notify security manager */
 btm_sec_disconnected(handle, reason);
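Review bot: The new `if (conn)` guard skips the report silently, and the lookup now runs after `l2c_link_hci_disc_comp(handle, reason)` in both preprocessor branches, whereas the removed `#else` code called `btm_handle_to_acl(handle)` before it. If the L2CAP disconnect path releases the ACL record for this handle (its body is not visible here, so this is inferred), `conn` will be NULL on the normal path and upper layers never receive `BTM_ACL_DISCONN_CMPL_EVT`. Consider resolving `conn` and copying `remote_addr` and the transport before the L2CAP call, and log the miss with an else branch such as `BTM_TRACE_WARNING("%s: no ACL entry for handle 0x%x", __func__, handle);`. The handle presumably originates from a controller event, so an unknown value should stay a logged no-op rather than a NULL dereference. btm_acl_disconnected continues past the end of the hunk.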