From 7e04b04b1c834b8852156cc6df5841b335373799 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Fri, 16 Aug 2024 17:21:19 +0800 Subject: [PATCH 1/3] fix(ble/bluedroid): Fixed memory out-of-bounds issue when parsing adv data --- .../bt/host/bluedroid/api/esp_gap_ble_api.c | 20 +++++++++--- .../api/include/api/esp_gap_ble_api.h | 32 ++++++++++++++++--- .../bt/host/bluedroid/stack/btm/btm_ble_gap.c | 18 +++++------ .../stack/include/stack/btm_ble_api.h | 2 +- .../ble/ble_spp_client/main/spp_client_demo.c | 5 ++- .../main/example_ble_client_throughput.c | 6 ++-- .../ble/gatt_client/main/gattc_demo.c | 6 ++-- .../main/example_ble_sec_gattc_demo.c | 6 ++-- .../main/gattc_multi_connect.c | 6 ++-- .../main/ble50_sec_gattc_demo.c | 6 ++-- .../peroidic_sync/main/periodic_sync_demo.c | 5 ++- .../gattc_gatts_coex/main/gattc_gatts_coex.c | 6 ++-- .../esp_hid_device/main/esp_hid_gap.c | 20 +++++++++--- .../bluetooth/esp_hid_host/main/esp_hid_gap.c | 20 +++++++++--- 14 files changed, 118 insertions(+), 40 deletions(-) diff --git a/components/bt/host/bluedroid/api/esp_gap_ble_api.c b/components/bt/host/bluedroid/api/esp_gap_ble_api.c index 6020cd3bcd..13c24f8417 100644 --- a/components/bt/host/bluedroid/api/esp_gap_ble_api.c +++ b/components/bt/host/bluedroid/api/esp_gap_ble_api.c 
@@ -485,21 +485,33 @@ esp_err_t esp_ble_gap_get_local_used_addr(esp_bd_addr_t local_used_addr, uint8_t return ESP_OK; } -uint8_t *esp_ble_resolve_adv_data( uint8_t *adv_data, uint8_t type, uint8_t *length) +uint8_t *esp_ble_resolve_adv_data_by_type( uint8_t *adv_data, uint16_t adv_data_len, esp_ble_adv_data_type type, uint8_t *length) { + if (length == NULL) { + return NULL; + } + if (((type < ESP_BLE_AD_TYPE_FLAG) || (type > ESP_BLE_AD_TYPE_128SERVICE_DATA)) && (type != ESP_BLE_AD_MANUFACTURER_SPECIFIC_TYPE)) { LOG_ERROR("the eir type not define, type = %x\n", type); + *length = 0; return NULL; } - if (adv_data == NULL) { - LOG_ERROR("Invalid p_eir data.\n"); + if (adv_data == NULL || adv_data_len == 0) { + LOG_ERROR("Invalid advertising data.\n"); + *length = 0; return NULL; } - return (BTM_CheckAdvData( adv_data, type, length)); + return (BTM_CheckAdvData( adv_data, adv_data_len, type, length)); } + +uint8_t *esp_ble_resolve_adv_data( uint8_t *adv_data, uint8_t type, uint8_t *length) +{ + return esp_ble_resolve_adv_data_by_type( adv_data, ESP_BLE_ADV_DATA_LEN_MAX + ESP_BLE_SCAN_RSP_DATA_LEN_MAX, (esp_ble_adv_data_type) type, length); +} + #if (BLE_42_FEATURE_SUPPORT == TRUE) esp_err_t esp_ble_gap_config_adv_data_raw(uint8_t *raw_data, uint32_t raw_data_len) { diff --git a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h index a720580b36..181c555ac8 100644 --- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h 
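Review bot: The compatibility wrapper `esp_ble_resolve_adv_data` at the end of this hunk passes the fixed bound `ESP_BLE_ADV_DATA_LEN_MAX + ESP_BLE_SCAN_RSP_DATA_LEN_MAX` for every caller, so a legacy caller whose buffer holds fewer valid bytes still lets the parser walk past its data, which is the condition this patch sets out to remove. Since the old signature cannot carry a length, state the assumption on the function, for example `/* Legacy entry point: assumes adv_data holds ESP_BLE_ADV_DATA_LEN_MAX + ESP_BLE_SCAN_RSP_DATA_LEN_MAX bytes; shorter buffers must use esp_ble_resolve_adv_data_by_type(). */`. The new function also accepts any `adv_data_len` with no upper limit, so its safety rests entirely on the caller passing the true number of valid bytes.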
@@ -1888,17 +1888,41 @@ esp_err_t esp_ble_gap_get_device_name(void); * */ esp_err_t esp_ble_gap_get_local_used_addr(esp_bd_addr_t local_used_addr, uint8_t * addr_type); + /** * @brief This function is called to get ADV data for a specific type. * - * @param[in] adv_data - pointer of ADV data which to be resolved - * @param[in] type - finding ADV data type - * @param[out] length - return the length of ADV data not including type + * @note This is the recommended function to use for resolving ADV data by type. + * It improves upon the deprecated `esp_ble_resolve_adv_data` function by + * including an additional parameter to specify the length of the ADV data, + * thereby offering better safety and reliability. * - * @return pointer of ADV data + * @param[in] adv_data - pointer of ADV data which to be resolved + * @param[in] adv_data_len - the length of ADV data which to be resolved. + * @param[in] type - finding ADV data type + * @param[out] length - return the length of ADV data not including type + * + * @return pointer of ADV data + * + */ +uint8_t *esp_ble_resolve_adv_data_by_type( uint8_t *adv_data, uint16_t adv_data_len, esp_ble_adv_data_type type, uint8_t *length); + +/** + * @brief This function is called to get ADV data for a specific type. + * + * @note This function has been deprecated and will be removed in a future release. + * Please use `esp_ble_resolve_adv_data_by_type` instead, which provides + * better parameter validation and supports more accurate data resolution. + * + * @param[in] adv_data - pointer of ADV data which to be resolved + * @param[in] type - finding ADV data type + * @param[out] length - return the length of ADV data not including type + * + * @return pointer of ADV data * */ uint8_t *esp_ble_resolve_adv_data(uint8_t *adv_data, uint8_t type, uint8_t *length); + #if (BLE_42_FEATURE_SUPPORT == TRUE) /** * @brief This function is called to set raw advertising data. User need to fill 
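Review bot: The deprecation of `esp_ble_resolve_adv_data` is stated only in the Doxygen `@note`, so existing callers get no compiler diagnostic and will stay on the fixed-bound path. If the project's warning policy allows it, mark the declaration as well, e.g. `uint8_t *esp_ble_resolve_adv_data(uint8_t *adv_data, uint8_t type, uint8_t *length) __attribute__((deprecated("use esp_ble_resolve_adv_data_by_type")));`. The `@param adv_data_len` text for the new function should say that it is the number of valid bytes in `adv_data` (for legacy scan results the examples in this patch pass `adv_data_len + scan_rsp_len`), and `@return` should say that NULL is returned with `*length` set to 0 when the arguments are rejected.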
diff --git a/components/bt/host/bluedroid/stack/btm/btm_ble_gap.c b/components/bt/host/bluedroid/stack/btm/btm_ble_gap.c index 540756a3bc..b34676c68c 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_ble_gap.c +++ b/components/bt/host/bluedroid/stack/btm/btm_ble_gap.c @@ -2101,7 +2101,7 @@ BOOLEAN BTM_BleGetCurrentAddress(BD_ADDR addr, uint8_t *addr_type) ** Returns pointer of ADV data ** *******************************************************************************/ -UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT8 type, UINT8 *p_length) +UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT16 adv_data_len, UINT8 type, UINT8 *p_length) { UINT8 *p = p_adv; UINT8 length; @@ -2110,7 +2110,7 @@ UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT8 type, UINT8 *p_length) STREAM_TO_UINT8(length, p); - while ( length && (p - p_adv < BTM_BLE_CACHE_ADV_DATA_MAX)) { + while ( length && (p - p_adv < adv_data_len)) { STREAM_TO_UINT8(adv_type, p); if ( adv_type == type ) { @@ -2123,7 +2123,7 @@ UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT8 type, UINT8 *p_length) /* Break loop if advertising data is in an incorrect format, as it may lead to memory overflow */ - if (p >= p_adv + BTM_BLE_CACHE_ADV_DATA_MAX) { + if (p >= p_adv + adv_data_len) { break; } @@ -3176,7 +3176,7 @@ UINT8 btm_ble_is_discoverable(BD_ADDR bda, UINT8 evt_type, UINT8 *p) } if (p_le_inq_cb->adv_len != 0) { - if ((p_flag = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, + if ((p_flag = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, p_le_inq_cb->adv_len, BTM_BLE_AD_TYPE_FLAG, &data_len)) != NULL) { flag = * p_flag; 
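Review bot: In the `while ( length && (p - p_adv < adv_data_len))` loop of `BTM_CheckAdvData`, the new bound is applied to the cursor but not to the element that is handed back: the `if ( adv_type == type )` branch, whose body lies outside these hunks, appears to return `p` and report `length - 1` without comparing it with the bytes left before `p_adv + adv_data_len`. The length octet comes from the remote advertiser, so a matching element that claims more data than was received would make callers read past the buffer by up to the reported length. A check placed right after `STREAM_TO_UINT8(adv_type, p);`, such as `if ((length - 1) > adv_data_len - (p - p_adv)) { break; }`, would reject the truncated element. The first `STREAM_TO_UINT8(length, p)` before the loop also reads `p_adv[0]` unconditionally and relies on every caller rejecting a zero `adv_data_len`.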
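Review bot: `flag = * p_flag;` in `btm_ble_is_discoverable` dereferences the returned pointer without looking at `data_len`, and `p_cur->flag = * p_flag;` in the `btm_ble_update_inq_result` hunk does the same with `len`. If the parser reports a flags element with an empty payload (length octet 1), the pointer would sit just past the element and the read picks up whatever byte follows, possibly beyond `adv_len`; this is inferred, as the parser's match branch is not in the diff. Guarding both sites with the length, e.g. `if (p_flag != NULL && data_len >= 1)` and `if (p_flag != NULL && len >= 1)`, keeps the flag value tied to received data. Both functions start and end outside their hunks.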
@@ -3392,7 +3392,7 @@ BOOLEAN btm_ble_update_inq_result(BD_ADDR bda, tINQ_DB_ENT *p_i, UINT8 addr_type p_i->inq_count = p_inq->inq_counter; /* Mark entry for current inquiry */ if (p_le_inq_cb->adv_len != 0) { - if ((p_flag = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, BTM_BLE_AD_TYPE_FLAG, &len)) != NULL) { + if ((p_flag = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, p_le_inq_cb->adv_len, BTM_BLE_AD_TYPE_FLAG, &len)) != NULL) { p_cur->flag = * p_flag; } } @@ -3402,11 +3402,11 @@ BOOLEAN btm_ble_update_inq_result(BD_ADDR bda, tINQ_DB_ENT *p_i, UINT8 addr_type * then try to convert the appearance value to a class of device value Bluedroid can use. * Otherwise fall back to trying to infer if it is a HID device based on the service class. */ - p_uuid16 = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, BTM_BLE_AD_TYPE_APPEARANCE, &len); + p_uuid16 = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, p_le_inq_cb->adv_len, BTM_BLE_AD_TYPE_APPEARANCE, &len); if (p_uuid16 && len == 2) { btm_ble_appearance_to_cod((UINT16)p_uuid16[0] | (p_uuid16[1] << 8), p_cur->dev_class); } else { - if ((p_uuid16 = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, + if ((p_uuid16 = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, p_le_inq_cb->adv_len, BTM_BLE_AD_TYPE_16SRV_CMPL, &len)) != NULL) { UINT8 i; for (i = 0; i + 2 <= len; i = i + 2) { @@ -3493,10 +3493,10 @@ void btm_send_sel_conn_callback(BD_ADDR remote_bda, UINT8 evt_type, UINT8 *p_dat /* get the device name if exist in ADV data */ if (data_len != 0) { - p_dev_name = BTM_CheckAdvData(p_data, BTM_BLE_AD_TYPE_NAME_CMPL, &len); + p_dev_name = BTM_CheckAdvData(p_data, data_len, BTM_BLE_AD_TYPE_NAME_CMPL, &len); if (p_dev_name == NULL) { - p_dev_name = BTM_CheckAdvData(p_data, BTM_BLE_AD_TYPE_NAME_SHORT, &len); + p_dev_name = BTM_CheckAdvData(p_data, data_len, BTM_BLE_AD_TYPE_NAME_SHORT, &len); } if (p_dev_name) { 
diff --git a/components/bt/host/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/host/bluedroid/stack/include/stack/btm_ble_api.h index 1b30964284..21d783dd2b 100644 --- a/components/bt/host/bluedroid/stack/include/stack/btm_ble_api.h +++ b/components/bt/host/bluedroid/stack/include/stack/btm_ble_api.h @@ -2112,7 +2112,7 @@ void BTM_BleReadControllerFeatures(tBTM_BLE_CTRL_FEATURES_CBACK *p_vsc_cback); ** *******************************************************************************/ //extern -UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT8 type, UINT8 *p_length); +UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT16 adv_data_len, UINT8 type, UINT8 *p_length); /******************************************************************************* ** diff --git a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c index 08549979a7..a30fbb0216 100644 --- a/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c +++ b/examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c @@ -247,7 +247,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par case ESP_GAP_SEARCH_INQ_RES_EVT: esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6); ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len); - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len); esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len); ESP_LOGI(GATTC_TAG, " "); 
diff --git a/examples/bluetooth/bluedroid/ble/ble_throughput/throughput_client/main/example_ble_client_throughput.c b/examples/bluetooth/bluedroid/ble/ble_throughput/throughput_client/main/example_ble_client_throughput.c index 48a8551536..c3ad88d66e 100644 --- a/examples/bluetooth/bluedroid/ble/ble_throughput/throughput_client/main/example_ble_client_throughput.c +++ b/examples/bluetooth/bluedroid/ble/ble_throughput/throughput_client/main/example_ble_client_throughput.c @@ -394,8 +394,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par case ESP_GAP_SEARCH_INQ_RES_EVT: esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6); ESP_LOGI(GATTC_TAG, "searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len); - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); ESP_LOGI(GATTC_TAG, "searched Device Name Len %d", adv_name_len); esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len); ESP_LOGI(GATTC_TAG, " "); diff --git a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c index a35b9bb2dc..a97029b14b 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c 
@@ -349,8 +349,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par case ESP_GAP_SEARCH_INQ_RES_EVT: esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6); ESP_LOGI(GATTC_TAG, "searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len); - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); ESP_LOGI(GATTC_TAG, "searched Device Name Len %d", adv_name_len); esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len); diff --git a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c index f5e60c0939..f7b8971e37 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c @@ -451,8 +451,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par case ESP_GAP_SEARCH_INQ_RES_EVT: esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6); ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len); - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len); esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len); ESP_LOGI(GATTC_TAG, " "); 
diff --git a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c index ef64a509c9..5248bede6f 100644 --- a/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c +++ b/examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c @@ -794,8 +794,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par case ESP_GAP_SEARCH_INQ_RES_EVT: esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6); ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len); - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len); esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len); ESP_LOGI(GATTC_TAG, " "); diff --git a/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c index f4a66878a5..151fbbaa6a 100644 --- a/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c 
@@ -494,8 +494,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par } else { ESP_LOGI(GATTC_TAG, "extend adv, adv type 0x%x data len %d", param->ext_adv_report.params.event_type, param->ext_adv_report.params.adv_data_len); } - adv_name = esp_ble_resolve_adv_data(param->ext_adv_report.params.adv_data, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(param->ext_adv_report.params.adv_data, + param->ext_adv_report.params.adv_data_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); if (!connect && strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { connect = true; esp_ble_gap_stop_ext_scan(); diff --git a/examples/bluetooth/bluedroid/ble_50/peroidic_sync/main/periodic_sync_demo.c b/examples/bluetooth/bluedroid/ble_50/peroidic_sync/main/periodic_sync_demo.c index 3a7e56f5a1..070921564c 100644 --- a/examples/bluetooth/bluedroid/ble_50/peroidic_sync/main/periodic_sync_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/peroidic_sync/main/periodic_sync_demo.c @@ -108,7 +108,10 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param case ESP_GAP_BLE_EXT_ADV_REPORT_EVT: { uint8_t *adv_name = NULL; uint8_t adv_name_len = 0; - adv_name = esp_ble_resolve_adv_data(param->ext_adv_report.params.adv_data, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(param->ext_adv_report.params.adv_data, + param->ext_adv_report.params.adv_data_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); if ((adv_name != NULL) && (memcmp(adv_name, "ESP_MULTI_ADV_80MS", adv_name_len) == 0) && !periodic_sync) { periodic_sync = true; char adv_temp_name[30] = {'0'}; diff --git a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c index 6d328b9e20..8c537e5f11 100644 
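Review bot: In the `periodic_sync_demo.c` hunk, `memcmp(adv_name, "ESP_MULTI_ADV_80MS", adv_name_len) == 0` uses the length taken from the received advertisement as the compare size, so an empty name or any prefix of the expected name matches, and a reported name longer than the literal makes `memcmp` read past the end of the string constant. The bounded lookup added here does not change that, because the comparison still trusts `adv_name_len` alone. Compare the lengths first, e.g. `(adv_name_len == strlen("ESP_MULTI_ADV_80MS")) && (memcmp(adv_name, "ESP_MULTI_ADV_80MS", adv_name_len) == 0)`. The handler continues outside the hunk.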
--- a/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c +++ b/examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c @@ -293,8 +293,10 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param esp_ble_gap_cb_param_t *scan_result = (esp_ble_gap_cb_param_t *)param; switch (scan_result->scan_rst.search_evt) { case ESP_GAP_SEARCH_INQ_RES_EVT: - adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, - ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv, + scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); if (adv_name != NULL) { if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { if (connect == false) { diff --git a/examples/bluetooth/esp_hid_device/main/esp_hid_gap.c b/examples/bluetooth/esp_hid_device/main/esp_hid_gap.c index f86b9f1490..16bbad8598 100644 --- a/examples/bluetooth/esp_hid_device/main/esp_hid_gap.c +++ b/examples/bluetooth/esp_hid_device/main/esp_hid_gap.c 
@@ -358,22 +358,34 @@ static void handle_ble_device_result(struct ble_scan_result_evt_param *scan_rst) char name[64] = {0}; uint8_t uuid_len = 0; - uint8_t *uuid_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_16SRV_CMPL, &uuid_len); + uint8_t *uuid_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_16SRV_CMPL, + &uuid_len); if (uuid_d != NULL && uuid_len) { uuid = uuid_d[0] + (uuid_d[1] << 8); } uint8_t appearance_len = 0; - uint8_t *appearance_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_APPEARANCE, &appearance_len); + uint8_t *appearance_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_APPEARANCE, + &appearance_len); if (appearance_d != NULL && appearance_len) { appearance = appearance_d[0] + (appearance_d[1] << 8); } uint8_t adv_name_len = 0; - uint8_t *adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + uint8_t *adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); if (adv_name == NULL) { - adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_SHORT, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_SHORT, + &adv_name_len); } if (adv_name != NULL && adv_name_len) { diff --git a/examples/bluetooth/esp_hid_host/main/esp_hid_gap.c b/examples/bluetooth/esp_hid_host/main/esp_hid_gap.c index 6aa6edf989..b885d3ef38 100644 --- a/examples/bluetooth/esp_hid_host/main/esp_hid_gap.c +++ b/examples/bluetooth/esp_hid_host/main/esp_hid_gap.c 
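Review bot: `uuid = uuid_d[0] + (uuid_d[1] << 8);` and `appearance = appearance_d[0] + (appearance_d[1] << 8);` read two bytes after checking only that the reported length is non-zero, so a one-byte element makes the second read fall outside the element and possibly outside the scan data. The identical code in the `esp_hid_host/main/esp_hid_gap.c` hunk has the same gap. Tighten both guards to require two bytes, for example `if (uuid_d != NULL && uuid_len >= 2) {` and `if (appearance_d != NULL && appearance_len >= 2) {`. `handle_ble_device_result` starts and ends outside the hunk.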
@@ -405,22 +405,34 @@ static void handle_ble_device_result(struct ble_scan_result_evt_param *scan_rst) char name[64] = {0}; uint8_t uuid_len = 0; - uint8_t *uuid_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_16SRV_CMPL, &uuid_len); + uint8_t *uuid_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_16SRV_CMPL, + &uuid_len); if (uuid_d != NULL && uuid_len) { uuid = uuid_d[0] + (uuid_d[1] << 8); } uint8_t appearance_len = 0; - uint8_t *appearance_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_APPEARANCE, &appearance_len); + uint8_t *appearance_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_APPEARANCE, + &appearance_len); if (appearance_d != NULL && appearance_len) { appearance = appearance_d[0] + (appearance_d[1] << 8); } uint8_t adv_name_len = 0; - uint8_t *adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); + uint8_t *adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_CMPL, + &adv_name_len); if (adv_name == NULL) { - adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_SHORT, &adv_name_len); + adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv, + scan_rst->adv_data_len + scan_rst->scan_rsp_len, + ESP_BLE_AD_TYPE_NAME_SHORT, + &adv_name_len); } if (adv_name != NULL && adv_name_len) { From efb16c2685a566ce6195274952e69fae6aebc4f1 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Tue, 20 Aug 2024 14:29:16 +0800 Subject: [PATCH 2/3] docs(blufi): Optimize documentation for Blufi example --- examples/bluetooth/blufi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/bluetooth/blufi/README.md b/examples/bluetooth/blufi/README.md index 91c2ffde0b..de0f26fd92 100644 
--- a/examples/bluetooth/blufi/README.md +++ b/examples/bluetooth/blufi/README.md @@ -20,7 +20,7 @@ To test this demo, you need to prepare a mobile phone with blufi application ins Blufi is completely open source, here is the download link: * [Blufi source code](https://github.com/espressif/esp-idf/tree/master/examples/bluetooth/blufi) -* [BluFi protocol](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/blufi.html?highlight=blufi#the-frame-formats-defined-in-blufi) +* [BluFi protocol](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/ble/blufi.html) * [iOS source code](https://github.com/EspressifApp/EspBlufiForiOS) * [Android source code](https://github.com/EspressifApp/EspBlufi) * [Bluetooth Network User Guide CN](https://www.espressif.com/sites/default/files/documentation/esp32_bluetooth_networking_user_guide_cn.pdf) From 15eb5f7f85dea795cdf58f33b0b9eefb4ddf7b76 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Thu, 15 Aug 2024 11:56:26 +0800 Subject: [PATCH 3/3] feat(ble/controller): Support get BLE controller free heap size --- components/bt/controller/esp32/bt.c | 17 ++++++++++++++++- components/bt/controller/esp32c3/bt.c | 17 ++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/components/bt/controller/esp32/bt.c b/components/bt/controller/esp32/bt.c index d6cde29a57..42207893c0 100644 --- a/components/bt/controller/esp32/bt.c +++ b/components/bt/controller/esp32/bt.c @@ -92,6 +92,7 @@ do{\ #define OSI_VERSION 0x00010005 #define OSI_MAGIC_VALUE 0xFADEBEAD +#define BLE_CONTROLLER_MALLOC_CAPS (MALLOC_CAP_8BIT|MALLOC_CAP_DMA|MALLOC_CAP_INTERNAL) /* Types definition ************************************************************************ */ 
@@ -864,7 +865,21 @@ static int IRAM_ATTR cause_sw_intr_to_core_wrapper(int core_id, int intr_no) static void *malloc_internal_wrapper(size_t size) { - return heap_caps_malloc(size, MALLOC_CAP_8BIT|MALLOC_CAP_DMA|MALLOC_CAP_INTERNAL); + return heap_caps_malloc(size, BLE_CONTROLLER_MALLOC_CAPS); +} + +void *malloc_ble_controller_mem(size_t size) +{ + void *p = heap_caps_malloc(size, BLE_CONTROLLER_MALLOC_CAPS); + if(p == NULL) { + ESP_LOGE(BTDM_LOG_TAG, "Malloc failed"); + } + return p; +} + +uint32_t get_ble_controller_free_heap_size(void) +{ + return heap_caps_get_free_size(BLE_CONTROLLER_MALLOC_CAPS); } static int32_t IRAM_ATTR read_mac_wrapper(uint8_t mac[6]) diff --git a/components/bt/controller/esp32c3/bt.c b/components/bt/controller/esp32c3/bt.c index 00f6f8e485..b9b30aa965 100644 --- a/components/bt/controller/esp32c3/bt.c +++ b/components/bt/controller/esp32c3/bt.c @@ -116,6 +116,7 @@ do{\ #define BLE_PWR_HDL_INVL 0xFFFF +#define BLE_CONTROLLER_MALLOC_CAPS (MALLOC_CAP_INTERNAL|MALLOC_CAP_DMA) /* Types definition ************************************************************************ */ @@ -685,13 +686,27 @@ static bool IRAM_ATTR is_in_isr_wrapper(void) static void *malloc_internal_wrapper(size_t size) { - void *p = heap_caps_malloc(size, MALLOC_CAP_INTERNAL|MALLOC_CAP_DMA); + void *p = heap_caps_malloc(size, BLE_CONTROLLER_MALLOC_CAPS); if(p == NULL) { ESP_LOGE(BT_LOG_TAG, "Malloc failed"); } return p; } +void *malloc_ble_controller_mem(size_t size) +{ + void *p = heap_caps_malloc(size, BLE_CONTROLLER_MALLOC_CAPS); + if(p == NULL) { + ESP_LOGE(BT_LOG_TAG, "Malloc failed"); + } + return p; +} + +uint32_t get_ble_controller_free_heap_size(void) +{ + return heap_caps_get_free_size(BLE_CONTROLLER_MALLOC_CAPS); +} + static int IRAM_ATTR read_mac_wrapper(uint8_t mac[6]) { int ret = esp_read_mac(mac, ESP_MAC_BT);
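Review bot: `malloc_ble_controller_mem` and `get_ble_controller_free_heap_size` are added with external linkage but the patch touches no header, so they have no prototype and no documentation; presumably they are resolved by the precompiled controller library, which should be said in a comment. Something like `/* Called by the BLE controller library; not an application API. */` above each, plus a declaration in a private header, would let the compiler check the signatures. The comment should also note that `heap_caps_get_free_size()` reports the total free bytes for these capabilities, which fragmentation can make larger than the biggest block that can actually be allocated. The same applies to the `esp32c3/bt.c` hunk.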
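Review bot: In `esp32c3/bt.c` the new `malloc_ble_controller_mem` repeats the body of `malloc_internal_wrapper` line for line, including the log message. One can call the other, `return malloc_internal_wrapper(size);`, so the capability mask and the failure logging stay in one place. In `esp32/bt.c` the two differ only in that `malloc_internal_wrapper` does not log on failure; if that difference is intentional it deserves a comment.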