mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
fix(bt/bluedroid): Fixed not deep copy service_name and user1_ptr in RAW SDP search event
parent
1cfb537813
commit
205e66c9fd
@ -85,9 +85,11 @@ typedef void (tBTA_SDP_DM_CBACK)(tBTA_SDP_EVT event, tBTA_SDP *p_data, void *use
|
||||
|
||||
/* MCE configuration structure */
|
||||
typedef struct {
|
||||
UINT16 sdp_db_size; /* The size of p_sdp_db */
|
||||
UINT16 sdp_raw_size; /* The size of p_sdp_raw_data */
|
||||
UINT16 sdp_db_size; /* The size of p_sdp_db */
|
||||
#if (SDP_INCLUDED == TRUE)
|
||||
tSDP_DISCOVERY_DB *p_sdp_db; /* The data buffer to keep SDP database */
|
||||
UINT8 *p_sdp_raw_data; /* The data buffer to keep raw data */
|
||||
tSDP_DISCOVERY_DB *p_sdp_db; /* The data buffer to keep SDP database */
|
||||
#endif ///SDP_INCLUDED == TRUE
|
||||
} tBTA_SDP_CFG;
|
||||
|
||||
|
@ -416,7 +416,7 @@ static void bta_create_raw_sdp_record(bluetooth_sdp_record *record, tSDP_DISC_RE
|
||||
if (SDP_FindProtocolListElemInRec(p_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
|
||||
record->raw.hdr.rfcomm_channel_number = pe.params[0];
|
||||
}
|
||||
record->raw.hdr.user1_ptr_len = p_bta_sdp_cfg->p_sdp_db->raw_size;
|
||||
record->raw.hdr.user1_ptr_len = p_bta_sdp_cfg->p_sdp_db->raw_used;
|
||||
record->raw.hdr.user1_ptr = p_bta_sdp_cfg->p_sdp_db->raw_data;
|
||||
}
|
||||
|
||||
@ -570,6 +570,10 @@ void bta_sdp_search(tBTA_SDP_MSG *p_data)
|
||||
SDP_InitDiscoveryDb (p_bta_sdp_cfg->p_sdp_db, p_bta_sdp_cfg->sdp_db_size, 1,
|
||||
bta_sdp_search_uuid, 0, NULL);
|
||||
|
||||
/* tell SDP to keep the raw data */
|
||||
p_bta_sdp_cfg->p_sdp_db->raw_size = p_bta_sdp_cfg->sdp_raw_size;
|
||||
p_bta_sdp_cfg->p_sdp_db->raw_data = p_bta_sdp_cfg->p_sdp_raw_data;
|
||||
|
||||
if (!SDP_ServiceSearchAttributeRequest2(p_data->get_search.bd_addr, p_bta_sdp_cfg->p_sdp_db,
|
||||
bta_sdp_search_cback, (void *)bta_sdp_search_uuid)) {
|
||||
bta_sdp_cb.sdp_active = BTA_SDP_ACTIVE_NONE;
|
||||
|
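Review bot: In bta_create_raw_sdp_record, `record->raw.hdr.user1_ptr` is set to `p_sdp_db->raw_data`, which the bta_sdp_search hunk now points at the single `p_sdp_raw_data` buffer, so the record borrows storage that the next search will overwrite, and nothing in the code says so. A comment at the assignment would make the lifetime explicit, for example `/* user1_ptr borrows the shared raw SDP buffer: valid only until the next bta_sdp_search(), consumers must copy */`. Using `raw_used` as the length is only safe if the SDP layer keeps `raw_used <= raw_size`; that code is not visible here, so it is worth stating as an assumption in the same comment. Both functions start and end outside these hunks.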
@ -65,7 +65,9 @@ tBTA_SDP_STATUS BTA_SdpEnable(tBTA_SDP_DM_CBACK *p_cback)
|
||||
#if BTA_DYNAMIC_MEMORY == TRUE
|
||||
/* Malloc buffer for SDP configuration structure */
|
||||
p_bta_sdp_cfg->p_sdp_db = (tSDP_DISCOVERY_DB *)osi_malloc(p_bta_sdp_cfg->sdp_db_size);
|
||||
if (p_bta_sdp_cfg->p_sdp_db == NULL) {
|
||||
p_bta_sdp_cfg->p_sdp_raw_data = (UINT8 *)osi_malloc(p_bta_sdp_cfg->sdp_raw_size);
|
||||
if (p_bta_sdp_cfg->p_sdp_db == NULL || p_bta_sdp_cfg->p_sdp_raw_data == NULL) {
|
||||
BTA_SdpCleanup();
|
||||
return BTA_SDP_FAILURE;
|
||||
}
|
||||
#endif
|
||||
@ -118,8 +120,15 @@ tBTA_SDP_STATUS BTA_SdpCleanup(void)
|
||||
bta_sys_deregister(BTA_ID_SDP);
|
||||
#if BTA_DYNAMIC_MEMORY == TRUE
|
||||
/* Free buffer for SDP configuration structure */
|
||||
osi_free(p_bta_sdp_cfg->p_sdp_db);
|
||||
p_bta_sdp_cfg->p_sdp_db = NULL;
|
||||
if (p_bta_sdp_cfg->p_sdp_db) {
|
||||
osi_free(p_bta_sdp_cfg->p_sdp_db);
|
||||
p_bta_sdp_cfg->p_sdp_db = NULL;
|
||||
}
|
||||
|
||||
if (p_bta_sdp_cfg->p_sdp_raw_data) {
|
||||
osi_free(p_bta_sdp_cfg->p_sdp_raw_data);
|
||||
p_bta_sdp_cfg->p_sdp_raw_data = NULL;
|
||||
}
|
||||
#endif
|
||||
return BTA_SDP_SUCCESS;
|
||||
}
|
||||
|
@ -30,16 +30,24 @@
|
||||
#define BTA_SDP_DB_SIZE 1500
|
||||
#endif
|
||||
|
||||
#ifndef BTA_SDP_RAW_DATA_SIZE
|
||||
#define BTA_SDP_RAW_DATA_SIZE 1024
|
||||
#endif
|
||||
|
||||
#if BTA_DYNAMIC_MEMORY == FALSE
|
||||
static UINT8 bta_sdp_raw_data[BTA_SDP_RAW_DATA_SIZE];
|
||||
static UINT8 __attribute__ ((aligned(4))) bta_sdp_db_data[BTA_SDP_DB_SIZE];
|
||||
#endif
|
||||
|
||||
/* SDP configuration structure */
|
||||
tBTA_SDP_CFG bta_sdp_cfg = {
|
||||
BTA_SDP_RAW_DATA_SIZE,
|
||||
BTA_SDP_DB_SIZE,
|
||||
#if BTA_DYNAMIC_MEMORY == FALSE
|
||||
bta_sdp_raw_data,
|
||||
(tSDP_DISCOVERY_DB *)bta_sdp_db_data /* The data buffer to keep SDP database */
|
||||
#else
|
||||
NULL,
|
||||
NULL
|
||||
#endif
|
||||
};
|
||||
|
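Review bot: The `bta_sdp_cfg` initializer is positional, and this commit reorders the fields of `tBTA_SDP_CFG` so that two adjacent `UINT16` sizes and two adjacent pointers must line up by position alone. Swapping either pair still compiles, and would give the SDP layer a `raw_size` of 1500 for the 1024-byte `bta_sdp_raw_data` buffer. Designated initializers remove that dependency on field order: `.sdp_raw_size = BTA_SDP_RAW_DATA_SIZE,` and `.sdp_db_size = BTA_SDP_DB_SIZE,`, with `.p_sdp_raw_data = ...` and `.p_sdp_db = ...` inside the existing `#if`/`#else` branches.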
@ -1031,6 +1031,83 @@ static bool btc_sdp_remove_record_event(int id, int *p_sdp_handle)
|
||||
return result;
|
||||
}
|
||||
|
||||
static void btc_sdp_cb_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
|
||||
{
|
||||
switch (msg->act) {
|
||||
case BTA_SDP_SEARCH_COMP_EVT: {
|
||||
tBTA_SDP_SEARCH_COMP *src_search_comp = (tBTA_SDP_SEARCH_COMP *)p_src;
|
||||
tBTA_SDP_SEARCH_COMP *dest_search_comp = (tBTA_SDP_SEARCH_COMP *)p_dest;
|
||||
int record_count = src_search_comp->record_count;
|
||||
|
||||
for (int i = 0; i < record_count; i++) {
|
||||
bluetooth_sdp_record *src_record = &src_search_comp->records[i];
|
||||
bluetooth_sdp_record *dest_record = &dest_search_comp->records[i];
|
||||
// deep copy service name
|
||||
uint32_t src_service_name_length = src_record->hdr.service_name_length;
|
||||
char *src_service_name = src_record->hdr.service_name;
|
||||
dest_record->hdr.service_name_length = 0;
|
||||
dest_record->hdr.service_name = NULL;
|
||||
if (src_service_name && src_service_name_length) {
|
||||
char *service_name = (char *)osi_malloc(src_service_name_length + 1);
|
||||
if (service_name) {
|
||||
memcpy(service_name, src_service_name, src_service_name_length);
|
||||
service_name[src_service_name_length] = '\0';
|
||||
|
||||
dest_record->hdr.service_name_length = src_service_name_length;
|
||||
dest_record->hdr.service_name = service_name;
|
||||
} else {
|
||||
BTC_TRACE_ERROR("%s malloc service name failed, orig service name:%s", __func__, src_service_name);
|
||||
}
|
||||
}
|
||||
|
||||
// deep copy user1_ptr fow RAW type
|
||||
int src_user1_ptr_len = src_record->hdr.user1_ptr_len;
|
||||
uint8_t *src_user1_ptr = src_record->hdr.user1_ptr;
|
||||
dest_record->hdr.user1_ptr_len = 0;
|
||||
dest_record->hdr.user1_ptr = NULL;
|
||||
if (src_record->hdr.type == SDP_TYPE_RAW && src_user1_ptr && src_user1_ptr_len) {
|
||||
uint8_t *user1_ptr = (uint8_t *)osi_malloc(src_user1_ptr_len);
|
||||
if (user1_ptr) {
|
||||
memcpy(user1_ptr, src_user1_ptr, src_user1_ptr_len);
|
||||
|
||||
dest_record->hdr.user1_ptr_len = src_user1_ptr_len;
|
||||
dest_record->hdr.user1_ptr = user1_ptr;
|
||||
} else {
|
||||
BTC_TRACE_ERROR("%s malloc user1_ptr failed", __func__);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void btc_sdp_cb_arg_deep_free(btc_msg_t *msg)
|
||||
{
|
||||
switch (msg->act) {
|
||||
case BTA_SDP_SEARCH_COMP_EVT: {
|
||||
tBTA_SDP_SEARCH_COMP *search_comp = (tBTA_SDP_SEARCH_COMP *)msg->arg;
|
||||
for (size_t i = 0; i < search_comp->record_count; i++) {
|
||||
bluetooth_sdp_record *record = &search_comp->records[i];
|
||||
if (record->hdr.service_name) {
|
||||
osi_free(record->hdr.service_name);
|
||||
}
|
||||
|
||||
if (record->hdr.user1_ptr) {
|
||||
osi_free(record->hdr.user1_ptr);
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void btc_sdp_dm_cback(tBTA_SDP_EVT event, tBTA_SDP* p_data, void* user_data)
|
||||
{
|
||||
btc_msg_t msg;
|
||||
@ -1062,7 +1139,7 @@ static void btc_sdp_dm_cback(tBTA_SDP_EVT event, tBTA_SDP* p_data, void* user_da
|
||||
msg.pid = BTC_PID_SDP;
|
||||
msg.act = event;
|
||||
|
||||
status = btc_transfer_context(&msg, p_data, sizeof(tBTA_SDP), NULL, NULL);
|
||||
status = btc_transfer_context(&msg, p_data, sizeof(tBTA_SDP), btc_sdp_cb_arg_deep_copy, btc_sdp_cb_arg_deep_free);
|
||||
|
||||
if (status != BT_STATUS_SUCCESS) {
|
||||
BTC_TRACE_ERROR("%s btc_transfer_context failed", __func__);
|
||||
@ -1234,11 +1311,10 @@ static void btc_sdp_search(btc_sdp_args_t *arg)
|
||||
|
||||
void btc_sdp_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
|
||||
{
|
||||
bluetooth_sdp_record **dst_record = &((btc_sdp_args_t *)p_dest)->create_record.record;
|
||||
bluetooth_sdp_record *src_record = ((btc_sdp_args_t *)p_src)->create_record.record;
|
||||
|
||||
switch (msg->act) {
|
||||
case BTC_SDP_ACT_CREATE_RECORD:
|
||||
case BTC_SDP_ACT_CREATE_RECORD: {
|
||||
bluetooth_sdp_record **dst_record = &((btc_sdp_args_t *)p_dest)->create_record.record;
|
||||
bluetooth_sdp_record *src_record = ((btc_sdp_args_t *)p_src)->create_record.record;
|
||||
bluetooth_sdp_record *record = (bluetooth_sdp_record *)osi_calloc(get_sdp_record_size(src_record));
|
||||
if (record) {
|
||||
copy_sdp_record(src_record, record);
|
||||
@ -1249,6 +1325,7 @@ void btc_sdp_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
|
||||
|
||||
*dst_record = record;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -1256,15 +1333,15 @@ void btc_sdp_arg_deep_copy(btc_msg_t *msg, void *p_dest, void *p_src)
|
||||
|
||||
void btc_sdp_arg_deep_free(btc_msg_t *msg)
|
||||
{
|
||||
btc_sdp_args_t *arg = (btc_sdp_args_t *)msg->arg;
|
||||
bluetooth_sdp_record *record = arg->create_record.record;
|
||||
|
||||
switch (msg->act) {
|
||||
case BTC_SDP_ACT_CREATE_RECORD:
|
||||
case BTC_SDP_ACT_CREATE_RECORD: {
|
||||
btc_sdp_args_t *arg = (btc_sdp_args_t *)msg->arg;
|
||||
bluetooth_sdp_record *record = arg->create_record.record;
|
||||
if (record) {
|
||||
osi_free(record);
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -1321,23 +1398,11 @@ void btc_sdp_cb_handler(btc_msg_t *msg)
|
||||
sdp_local_param.search_allowed = true;
|
||||
|
||||
param.search.status = p_data->sdp_search_comp.status;
|
||||
if (param.search.status == ESP_SDP_SUCCESS) {
|
||||
memcpy(param.search.remote_addr, p_data->sdp_search_comp.remote_addr, sizeof(BD_ADDR));
|
||||
memcpy(¶m.search.sdp_uuid, &p_data->sdp_search_comp.uuid, sizeof(tSDP_UUID));
|
||||
param.search.record_count = p_data->sdp_search_comp.record_count;
|
||||
param.search.records = osi_malloc(sizeof(esp_bluetooth_sdp_record_t)*p_data->sdp_search_comp.record_count);
|
||||
if (param.search.records != NULL) {
|
||||
memcpy(param.search.records, p_data->sdp_search_comp.records,
|
||||
sizeof(esp_bluetooth_sdp_record_t)*p_data->sdp_search_comp.record_count);
|
||||
} else {
|
||||
BTC_TRACE_ERROR("%s %d osi_malloc failed\n", __func__, event);
|
||||
param.search.status = ESP_SDP_NO_RESOURCE;
|
||||
}
|
||||
}
|
||||
memcpy(param.search.remote_addr, p_data->sdp_search_comp.remote_addr, sizeof(BD_ADDR));
|
||||
memcpy(¶m.search.sdp_uuid, &p_data->sdp_search_comp.uuid, sizeof(tSDP_UUID));
|
||||
param.search.record_count = p_data->sdp_search_comp.record_count;
|
||||
param.search.records = (esp_bluetooth_sdp_record_t *)p_data->sdp_search_comp.records;
|
||||
btc_sdp_cb_to_app(ESP_SDP_SEARCH_COMP_EVT, ¶m);
|
||||
if (param.search.records != NULL) {
|
||||
osi_free(param.search.records);
|
||||
}
|
||||
break;
|
||||
case BTA_SDP_CREATE_RECORD_USER_EVT:
|
||||
param.create_record.status = p_data->sdp_create_record.status;
|
||||
@ -1362,6 +1427,8 @@ void btc_sdp_cb_handler(btc_msg_t *msg)
|
||||
BTC_TRACE_DEBUG("%s: Unhandled event (%d)!", __func__, msg->act);
|
||||
break;
|
||||
}
|
||||
|
||||
btc_sdp_cb_arg_deep_free(msg);
|
||||
}
|
||||
|
||||
#endif ///defined BTC_SDP_COMMON_INCLUDED && BTC_SDP_COMMON_INCLUDED == TRUE
|
||||
|
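Review bot: In btc_sdp_cb_arg_deep_copy, the allocation-failure branch logs `src_service_name` with `%s`, although the copy path just above treats the name as length-delimited (it copies `service_name_length` bytes and appends the terminator itself), so the log may read past the source buffer if the name is not NUL-terminated; logging the length avoids that, e.g. `BTC_TRACE_ERROR("%s malloc service name failed, len:%u", __func__, (unsigned)src_service_name_length);`. In the same function `src_user1_ptr_len` is an `int` that is only tested for non-zero before it reaches `osi_malloc` and `memcpy`, so a negative value would be converted to a very large size; testing `src_user1_ptr_len > 0` in the condition closes that. When either allocation fails, the destination record keeps NULL pointers and zero lengths while the event status is left unchanged, and btc_sdp_cb_handler now forwards `records` to the application without copying, so the handler should carry a comment that a delivered record may have a NULL `service_name` or `user1_ptr`.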