Merge branch 'feat/support_blecrt_242_v5.1' into 'release/v5.1'

fix(bt/bluedroid): Fixed access fault when reading BLE controller information fails (v5.1)

See merge request espressif/esp-idf!33632
This commit is contained in:
Island 2024-09-20 10:34:02 +08:00
commit 697a621545
5 changed files with 38 additions and 19 deletions

View File

@ -242,6 +242,7 @@ typedef union {
*/
struct gatts_rsp_evt_param {
esp_gatt_status_t status; /*!< Operation status */
uint16_t conn_id; /*!< Connection id */
uint16_t handle; /*!< Attribute handle which send response */
} rsp; /*!< Gatt server callback param of ESP_GATTS_RESPONSE_EVT */

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -469,7 +469,7 @@ static esp_gatt_status_t btc_gatts_check_valid_attr_tab(esp_gatts_attr_db_t *gat
if(gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_16 &&
gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_32 &&
gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_128) {
BTC_TRACE_ERROR("%s, The Charateristic uuid length = %d is invalid", __func__,\
BTC_TRACE_ERROR("%s, The Characteristic uuid length = %d is invalid", __func__,\
gatts_attr_db[i+1].att_desc.uuid_length);
return ESP_GATT_INVALID_ATTR_LEN;
}
@ -481,7 +481,7 @@ static esp_gatt_status_t btc_gatts_check_valid_attr_tab(esp_gatts_attr_db_t *gat
uuid == ESP_GATT_UUID_CHAR_SRVR_CONFIG || uuid == ESP_GATT_UUID_CHAR_PRESENT_FORMAT ||
uuid == ESP_GATT_UUID_CHAR_AGG_FORMAT || uuid == ESP_GATT_UUID_CHAR_VALID_RANGE ||
uuid == ESP_GATT_UUID_EXT_RPT_REF_DESCR || uuid == ESP_GATT_UUID_RPT_REF_DESCR) {
BTC_TRACE_ERROR("%s, The charateristic value uuid = %d is invalid", __func__, uuid);
BTC_TRACE_ERROR("%s, The characteristic value uuid = %d is invalid", __func__, uuid);
return ESP_GATT_INVALID_PDU;
}
}
@ -694,6 +694,7 @@ void btc_gatts_call_handler(btc_msg_t *msg)
}
param.rsp.status = 0;
param.rsp.conn_id = BTC_GATT_GET_CONN_ID(arg->send_rsp.conn_id);
btc_gatts_cb_to_app(ESP_GATTS_RESPONSE_EVT, BTC_GATT_GET_GATT_IF(arg->send_rsp.conn_id), &param);
break;
}

View File

@ -271,7 +271,7 @@ static void start_up(void)
#endif //#if (BLE_50_FEATURE_SUPPORT == TRUE)
#if (BLE_50_FEATURE_SUPPORT == TRUE && BLE_42_FEATURE_SUPPORT == FALSE)
if (HCI_LE_ENHANCED_PRIVACY_SUPPORTED(controller_param.features_ble.as_array)) {
if (HCI_LE_EXT_ADV_SUPPORTED(controller_param.features_ble.as_array)) {
response = AWAIT_COMMAND(controller_param.packet_factory->make_read_max_adv_data_len());
controller_param.packet_parser->parse_ble_read_adv_max_len_response(
response,

View File

@ -186,7 +186,9 @@ static void parse_ble_read_resolving_list_size_response(
{
uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */);
STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
if (stream) {
STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
}
osi_free(response);
}
@ -198,10 +200,14 @@ static void parse_ble_read_suggested_default_data_length_response(
{
uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */);
STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
if (stream) {
STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
}
osi_free(response);
}
#if (BLE_50_FEATURE_SUPPORT == TRUE)
static void parse_ble_read_adv_max_len_response(
BT_HDR *response,
@ -209,8 +215,10 @@ static void parse_ble_read_adv_max_len_response(
{
uint8_t *stream = read_command_complete_header(response, HCI_BLE_RD_MAX_ADV_DATA_LEN, 1 /* bytes after */);
// Size: 2 Octets ; Value: 0x001F 0x0672 ; Maximum supported advertising data length
STREAM_TO_UINT16(*adv_max_len_ptr, stream);
if (stream) {
// Size: 2 Octets ; Value: 0x001F 0x0672 ; Maximum supported advertising data length
STREAM_TO_UINT16(*adv_max_len_ptr, stream);
}
osi_free(response);
}
@ -254,6 +262,7 @@ static uint8_t *read_command_complete_header(
STREAM_TO_UINT8(status, stream);
if (status != HCI_SUCCESS) {
HCI_TRACE_ERROR("%s failed: opcode 0x%04x, status 0x%02x", __func__, opcode, status);
return NULL;
}

View File

@ -1867,42 +1867,50 @@ typedef struct {
#define HCI_PING_SUPPORTED(x) ((x)[HCI_EXT_FEATURE_PING_OFF] & HCI_EXT_FEATURE_PING_MASK)
/*
** LE features encoding - page 0 (the only page for now)
** LE features encoding - page 0
*/
/* LE Encryption */
/* LE Encryption: bit 0 */
#define HCI_LE_FEATURE_LE_ENCRYPTION_MASK 0x01
#define HCI_LE_FEATURE_LE_ENCRYPTION_OFF 0
#define HCI_LE_ENCRYPTION_SUPPORTED(x) ((x)[HCI_LE_FEATURE_LE_ENCRYPTION_OFF] & HCI_LE_FEATURE_LE_ENCRYPTION_MASK)
/* Connection Parameters Request Procedure */
/* Connection Parameters Request Procedure: bit 1 */
#define HCI_LE_FEATURE_CONN_PARAM_REQ_MASK 0x02
#define HCI_LE_FEATURE_CONN_PARAM_REQ_OFF 0
#define HCI_LE_CONN_PARAM_REQ_SUPPORTED(x) ((x)[HCI_LE_FEATURE_CONN_PARAM_REQ_OFF] & HCI_LE_FEATURE_CONN_PARAM_REQ_MASK)
/* Extended Reject Indication */
/* Extended Reject Indication: bit 2 */
#define HCI_LE_FEATURE_EXT_REJ_IND_MASK 0x04
#define HCI_LE_FEATURE_EXT_REJ_IND_OFF 0
#define HCI_LE_EXT_REJ_IND_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_REJ_IND_OFF] & HCI_LE_FEATURE_EXT_REJ_IND_MASK)
/* Slave-initiated Features Exchange */
/* Slave-initiated Features Exchange: bit 3 */
#define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK 0x08
#define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF 0
#define HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(x) ((x)[HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF] & HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK)
/* LE Data Packet Length Extension: bit 5 */
#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20
#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0
#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
/* Enhanced privacy Feature: bit 6 */
#define HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK 0x40
#define HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF 0
#define HCI_LE_ENHANCED_PRIVACY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF] & HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK)
/* Extended scanner filter policy : 7 */
/* Extended scanner filter policy: bit 7 */
#define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK 0x80
#define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF 0
#define HCI_LE_EXT_SCAN_FILTER_POLICY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF] & HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK)
/* Slave-initiated Features Exchange */
#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20
#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0
#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
/*
** LE features encoding - page 1
*/
/* LE Extended Advertising: bit 12 */
#define HCI_LE_FEATURE_EXT_ADV_MASK 0x10
#define HCI_LE_FEATURE_EXT_ADV_OFF 1
#define HCI_LE_EXT_ADV_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_ADV_OFF] & HCI_LE_FEATURE_EXT_ADV_MASK)
/*
** Local Supported Commands encoding