From dac71d688a23a0850dcf551893666c26f42a3745 Mon Sep 17 00:00:00 2001
From: baohongde <baohongde@espressif.com>
Date: Wed, 30 May 2018 15:01:01 +0800
Subject: [PATCH] component/bt: Fix mem leak of esp_ble_gap_set_security_param

cherry-pick from MR !2458
---
 .../btc/profile/std/gap/btc_gap_ble.c         | 25 ++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c
index f5c66b232e..2126bf0ad0 100644
--- a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c
+++ b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c
@@ -520,9 +520,8 @@ static void btc_ble_start_advertising (esp_ble_adv_params_t *ble_adv_params, tBT
         }
         return;
     }
-    
-    LOG_DEBUG("API_Ble_AppStartAdvertising\n");
 
+    LOG_DEBUG("API_Ble_AppStartAdvertising\n");
     memcpy(peer_addr.bda, ble_adv_params->peer_addr, ESP_BD_ADDR_LEN);
     peer_addr.type = ble_adv_params->peer_addr_type;
     BTA_DmSetBleAdvParamsAll(ble_adv_params->adv_int_min,
@@ -723,12 +722,12 @@ static void btc_add_whitelist_complete_callback(UINT8 status, tBTM_WL_OPERATION
     }
 }
 
-static void btc_set_rand_addr_callback(UINT8 status) 
+static void btc_set_rand_addr_callback(UINT8 status)
 {
     esp_ble_gap_cb_param_t param;
     bt_status_t ret;
     btc_msg_t msg;
-    param.set_rand_addr_cmpl.status = btc_btm_status_to_esp_status(status); //todo status 
+    param.set_rand_addr_cmpl.status = btc_btm_status_to_esp_status(status); //todo status
     msg.sig = BTC_SIG_API_CB;
     msg.pid = BTC_PID_GAP_BLE;
     msg.act = ESP_GAP_BLE_SET_STATIC_RAND_ADDR_EVT;
@@ -1010,6 +1009,13 @@ void btc_gap_ble_arg_deep_free(btc_msg_t *msg)
         }
         break;
     }
+    case BTC_GAP_BLE_SET_SECURITY_PARAM_EVT: {
+        uint8_t *value = ((btc_ble_gap_args_t *)msg->arg)->set_security_param.value;
+        if (value) {
+            osi_free(value);
+        }
+        break;
+    }
     default:
         LOG_DEBUG("Unhandled deep free %d\n", msg->act);
         break;
@@ -1108,36 +1114,37 @@ void btc_gap_ble_call_handler(btc_msg_t *msg)
         break;
     }
     case BTC_GAP_BLE_SET_SECURITY_PARAM_EVT: {
+        uint8_t *value = arg->set_security_param.value;
         switch(arg->set_security_param.param_type) {
             case ESP_BLE_SM_PASSKEY:
                 break;
             case ESP_BLE_SM_AUTHEN_REQ_MODE: {
                 uint8_t authen_req = 0;
-                STREAM_TO_UINT8(authen_req, arg->set_security_param.value);
+                STREAM_TO_UINT8(authen_req, value);
                 bta_dm_co_ble_set_auth_req(authen_req);
                 break;
             }
             case ESP_BLE_SM_IOCAP_MODE: {
                 uint8_t iocap = 0;
-                STREAM_TO_UINT8(iocap, arg->set_security_param.value);
+                STREAM_TO_UINT8(iocap, value);
                 bta_dm_co_ble_set_io_cap(iocap);
                 break;
             }
             case ESP_BLE_SM_SET_INIT_KEY: {
                 uint8_t init_key = 0;
-                STREAM_TO_UINT8(init_key, arg->set_security_param.value);
+                STREAM_TO_UINT8(init_key, value);
                 bta_dm_co_ble_set_init_key_req(init_key);
                 break;
             }
             case ESP_BLE_SM_SET_RSP_KEY: {
                 uint8_t rsp_key = 0;
-                STREAM_TO_UINT8(rsp_key, arg->set_security_param.value);
+                STREAM_TO_UINT8(rsp_key, value);
                 bta_dm_co_ble_set_rsp_key_req(rsp_key);
                 break;
             }
             case ESP_BLE_SM_MAX_KEY_SIZE: {
                 uint8_t key_size = 0;
-                STREAM_TO_UINT8(key_size, arg->set_security_param.value);
+                STREAM_TO_UINT8(key_size, value);
                 bta_dm_co_ble_set_max_key_size(key_size);
                 break;
             }