From 65d3c54c1999624308bce3c2408a8278403ada0a Mon Sep 17 00:00:00 2001 From: xiongweichao Date: Tue, 18 Oct 2022 14:21:39 +0800 Subject: [PATCH] bt: Fixed esp_spp_write() crash when len is 0 Closes https://github.com/espressif/esp-idf/issues/9977 --- components/bt/host/bluedroid/api/esp_spp_api.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/bt/host/bluedroid/api/esp_spp_api.c b/components/bt/host/bluedroid/api/esp_spp_api.c index 040fe4a469..0c8553d481 100644 --- a/components/bt/host/bluedroid/api/esp_spp_api.c +++ b/components/bt/host/bluedroid/api/esp_spp_api.c @@ -195,6 +195,11 @@ esp_err_t esp_spp_write(uint32_t handle, int len, uint8_t *p_data) btc_spp_args_t arg; ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (len <= 0 || p_data == NULL) { + LOG_ERROR("Invalid data or len!\n"); + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_SPP; msg.act = BTC_SPP_ACT_WRITE;