Fixed the index out of bounds of hfp_ag BTC control block

Jin Cheng 2023-02-22 21:37:31 +08:00 committed by BOT
parent 46e07795af
commit 879038d09f


@ -39,7 +39,7 @@
** Constants & Macros ** Constants & Macros
************************************************************************************/ ************************************************************************************/
/* Max HF Clients Supported From App */ /* Max HF Clients Supported From App */
static UINT16 btc_max_hf_clients = 1; static UINT16 btc_max_hf_clients = BTC_HF_NUM_CB;
/* HF Param Definition */ /* HF Param Definition */
#if HFP_DYNAMIC_MEMORY == FALSE #if HFP_DYNAMIC_MEMORY == FALSE
static hf_local_param_t hf_local_param[BTC_HF_NUM_CB]; static hf_local_param_t hf_local_param[BTC_HF_NUM_CB];
@ -78,27 +78,31 @@ static hf_local_param_t *hf_local_param;
#endif #endif
BOOLEAN btc_conf_hf_force_wbs = BTC_HF_WBS_PREFERRED; BOOLEAN btc_conf_hf_force_wbs = BTC_HF_WBS_PREFERRED;
#define CHECK_HF_INIT() do { \ #define CHECK_HF_INIT(idx) \
if (! hf_local_param[idx].btc_hf_cb.initialized) { \ do { \
BTIF_TRACE_WARNING("CHECK_HF_INIT: %s: HF AG not initialized", __FUNCTION__);\ if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) { \
return BT_STATUS_NOT_READY; \ return BT_STATUS_FAIL; \
} \ } \
else\ if (!hf_local_param[idx].btc_hf_cb.initialized) { \
{\ BTIF_TRACE_WARNING("CHECK_HF_INIT: %s: HF AG not initialized", __FUNCTION__); \
BTIF_TRACE_EVENT("CHECK_HF_INIT: %s", __FUNCTION__);\ return BT_STATUS_NOT_READY; \
}\ } else { \
BTIF_TRACE_EVENT("CHECK_HF_INIT: %s", __FUNCTION__); \
} \
} while (0) } while (0)
#define CHECK_HF_SLC_CONNECTED() do { \ #define CHECK_HF_SLC_CONNECTED(idx) \
if (! hf_local_param[idx].btc_hf_cb.initialized || \ do { \
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) { \
return BT_STATUS_FAIL; \
} \
if (!hf_local_param[idx].btc_hf_cb.initialized || \
hf_local_param[idx].btc_hf_cb.connection_state != ESP_HF_CONNECTION_STATE_SLC_CONNECTED) { \ hf_local_param[idx].btc_hf_cb.connection_state != ESP_HF_CONNECTION_STATE_SLC_CONNECTED) { \
BTIF_TRACE_WARNING("CHECK_HF_INIT: %s: HF AG not initialized", __FUNCTION__);\ BTIF_TRACE_WARNING("CHECK_HF_SLC_CONNECTED: %s: HF AG SLC not connected", __FUNCTION__); \
return BT_STATUS_NOT_READY; \ return BT_STATUS_NOT_READY; \
} \ } else { \
else\ BTIF_TRACE_EVENT("CHECK_HF_SLC_CONNECTED: %s", __FUNCTION__); \
{\ } \
BTIF_TRACE_EVENT("CHECK_HF_INIT: %s", __FUNCTION__);\
}\
} while (0) } while (0)
@ -122,12 +126,22 @@ static int btc_hf_idx_by_bdaddr(bt_bdaddr_t *bd_addr)
return BTC_HF_INVALID_IDX; return BTC_HF_INVALID_IDX;
} }
static BOOLEAN is_connected(bt_bdaddr_t *bd_addr) static int btc_hf_find_free_idx(void)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); for (int idx = 0; idx < btc_max_hf_clients; ++idx) {
if (((hf_local_param[idx].btc_hf_cb.connection_state == ESP_HF_CONNECTION_STATE_CONNECTED) || if (hf_local_param[idx].btc_hf_cb.initialized &&
(hf_local_param[idx].btc_hf_cb.connection_state == ESP_HF_CONNECTION_STATE_SLC_CONNECTED)) && hf_local_param[idx].btc_hf_cb.connection_state == ESP_HF_CONNECTION_STATE_DISCONNECTED) {
((bd_addr == NULL) || (bdcmp(bd_addr->address,hf_local_param[idx].btc_hf_cb.connected_bda.address) == 0))) { return idx;
}
}
return BTC_HF_INVALID_IDX;
}
static BOOLEAN is_connected(int idx, bt_bdaddr_t *bd_addr)
{
if ((bdcmp(bd_addr->address,hf_local_param[idx].btc_hf_cb.connected_bda.address) == 0) &&
((hf_local_param[idx].btc_hf_cb.connection_state == ESP_HF_CONNECTION_STATE_CONNECTED) ||
(hf_local_param[idx].btc_hf_cb.connection_state == ESP_HF_CONNECTION_STATE_SLC_CONNECTED))) {
return TRUE; return TRUE;
} }
return FALSE; return FALSE;
@ -340,13 +354,13 @@ void btc_hf_deinit(bt_bdaddr_t *bd_addr)
static bt_status_t connect_init(bt_bdaddr_t *bd_addr, uint16_t uuid) static bt_status_t connect_init(bt_bdaddr_t *bd_addr, uint16_t uuid)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_find_free_idx();
CHECK_HF_INIT();
if (idx == btc_max_hf_clients) { if (idx == BTC_HF_INVALID_IDX) {
return BT_STATUS_BUSY; return BT_STATUS_BUSY;
} }
if (!is_connected(bd_addr)) { if (!is_connected(idx, bd_addr)) {
hf_local_param[idx].btc_hf_cb.connection_state = ESP_HF_CONNECTION_STATE_CONNECTING; hf_local_param[idx].btc_hf_cb.connection_state = ESP_HF_CONNECTION_STATE_CONNECTING;
bdcpy(hf_local_param[idx].btc_hf_cb.connected_bda.address, bd_addr->address); bdcpy(hf_local_param[idx].btc_hf_cb.connected_bda.address, bd_addr->address);
BTA_AgOpen(hf_local_param[idx].btc_hf_cb.handle, hf_local_param[idx].btc_hf_cb.connected_bda.address, BTC_HF_SECURITY, BTC_HF_SERVICES); BTA_AgOpen(hf_local_param[idx].btc_hf_cb.handle, hf_local_param[idx].btc_hf_cb.connected_bda.address, BTC_HF_SECURITY, BTC_HF_SERVICES);
@ -362,13 +376,13 @@ bt_status_t btc_hf_connect(bt_bdaddr_t *bd_addr)
bt_status_t btc_hf_disconnect(bt_bdaddr_t *bd_addr) bt_status_t btc_hf_disconnect(bt_bdaddr_t *bd_addr)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_INIT();
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) { if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx); BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL; return BT_STATUS_FAIL;
} }
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
BTA_AgClose(hf_local_param[idx].btc_hf_cb.handle); BTA_AgClose(hf_local_param[idx].btc_hf_cb.handle);
return BT_STATUS_SUCCESS; return BT_STATUS_SUCCESS;
} }
@ -378,13 +392,9 @@ bt_status_t btc_hf_disconnect(bt_bdaddr_t *bd_addr)
bt_status_t btc_hf_connect_audio(bt_bdaddr_t *bd_addr) bt_status_t btc_hf_connect_audio(bt_bdaddr_t *bd_addr)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
BTA_AgAudioOpen(hf_local_param[idx].btc_hf_cb.handle); BTA_AgAudioOpen(hf_local_param[idx].btc_hf_cb.handle);
/* Inform the application that the audio connection has been initiated successfully */ /* Inform the application that the audio connection has been initiated successfully */
do { do {
@ -402,13 +412,9 @@ bt_status_t btc_hf_connect_audio(bt_bdaddr_t *bd_addr)
bt_status_t btc_hf_disconnect_audio(bt_bdaddr_t *bd_addr) bt_status_t btc_hf_disconnect_audio(bt_bdaddr_t *bd_addr)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
BTA_AgAudioClose(hf_local_param[idx].btc_hf_cb.handle); BTA_AgAudioClose(hf_local_param[idx].btc_hf_cb.handle);
return BT_STATUS_SUCCESS; return BT_STATUS_SUCCESS;
} }
@ -422,13 +428,9 @@ bt_status_t btc_hf_disconnect_audio(bt_bdaddr_t *bd_addr)
static bt_status_t btc_hf_vra(bt_bdaddr_t *bd_addr, esp_hf_vr_state_t value) static bt_status_t btc_hf_vra(bt_bdaddr_t *bd_addr, esp_hf_vr_state_t value)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
if (hf_local_param[idx].btc_hf_cb.peer_feat & BTA_AG_PEER_FEAT_VREC) { if (hf_local_param[idx].btc_hf_cb.peer_feat & BTA_AG_PEER_FEAT_VREC) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset(&ag_res, 0, sizeof(ag_res)); memset(&ag_res, 0, sizeof(ag_res));
@ -445,15 +447,11 @@ static bt_status_t btc_hf_vra(bt_bdaddr_t *bd_addr, esp_hf_vr_state_t value)
static bt_status_t btc_hf_volume_control(bt_bdaddr_t *bd_addr, esp_hf_volume_type_t type, int volume) static bt_status_t btc_hf_volume_control(bt_bdaddr_t *bd_addr, esp_hf_volume_type_t type, int volume)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset(&ag_res, 0, sizeof(tBTA_AG_RES_DATA)); memset(&ag_res, 0, sizeof(tBTA_AG_RES_DATA));
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
ag_res.num = volume; ag_res.num = volume;
BTA_AgResult(hf_local_param[idx].btc_hf_cb.handle, (type == ESP_HF_VOLUME_TYPE_SPK) ? BTA_AG_SPK_RES : BTA_AG_MIC_RES, &ag_res); BTA_AgResult(hf_local_param[idx].btc_hf_cb.handle, (type == ESP_HF_VOLUME_TYPE_SPK) ? BTA_AG_SPK_RES : BTA_AG_MIC_RES, &ag_res);
return BT_STATUS_SUCCESS; return BT_STATUS_SUCCESS;
@ -465,13 +463,9 @@ static bt_status_t btc_hf_volume_control(bt_bdaddr_t *bd_addr, esp_hf_volume_typ
static bt_status_t btc_hf_unat_response(bt_bdaddr_t *bd_addr, const char *unat) static bt_status_t btc_hf_unat_response(bt_bdaddr_t *bd_addr, const char *unat)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_INIT(); CHECK_HF_INIT(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) if (is_connected(idx, bd_addr))
{ {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
/* Format the response and send */ /* Format the response and send */
@ -493,13 +487,9 @@ static bt_status_t btc_hf_unat_response(bt_bdaddr_t *bd_addr, const char *unat)
static bt_status_t btc_hf_cmee_response(bt_bdaddr_t *bd_addr, esp_hf_at_response_code_t response_code, esp_hf_cme_err_t error_code) static bt_status_t btc_hf_cmee_response(bt_bdaddr_t *bd_addr, esp_hf_at_response_code_t response_code, esp_hf_cme_err_t error_code)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_INIT(); CHECK_HF_INIT(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset(&ag_res, 0, sizeof(ag_res)); memset(&ag_res, 0, sizeof(ag_res));
if (response_code == ESP_HF_AT_RESPONSE_CODE_OK) { if (response_code == ESP_HF_AT_RESPONSE_CODE_OK) {
@ -521,8 +511,8 @@ static bt_status_t btc_hf_indchange_notification(bt_bdaddr_t *bd_addr,
esp_hf_network_state_t ntk_state, int signal) esp_hf_network_state_t ntk_state, int signal)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_INIT(); CHECK_HF_INIT(idx);
if (is_connected(bd_addr)) { if (is_connected(idx, bd_addr)) {
/* Send all indicators to BTA. /* Send all indicators to BTA.
* BTA will make sure no duplicates are sent out*/ * BTA will make sure no duplicates are sent out*/
send_indicator_update(BTA_AG_IND_CALL, call_state); send_indicator_update(BTA_AG_IND_CALL, call_state);
@ -542,13 +532,9 @@ static bt_status_t btc_hf_cind_response(bt_bdaddr_t *bd_addr,
esp_hf_call_held_status_t call_held_status) esp_hf_call_held_status_t call_held_status)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_INIT(); CHECK_HF_INIT(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset(&ag_res, 0, sizeof (ag_res)); memset(&ag_res, 0, sizeof (ag_res));
sprintf(ag_res.str, "%d,%d,%d,%d,%d,%d,%d", sprintf(ag_res.str, "%d,%d,%d,%d,%d,%d,%d",
@ -570,13 +556,9 @@ static bt_status_t btc_hf_cind_response(bt_bdaddr_t *bd_addr,
static bt_status_t btc_hf_cops_response(bt_bdaddr_t *bd_addr, const char *name) static bt_status_t btc_hf_cops_response(bt_bdaddr_t *bd_addr, const char *name)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset (&ag_res, 0, sizeof (ag_res)); memset (&ag_res, 0, sizeof (ag_res));
/* Format the response */ /* Format the response */
@ -595,13 +577,9 @@ static bt_status_t btc_hf_clcc_response(bt_bdaddr_t *bd_addr, int index, esp_hf_
const char *number, esp_hf_call_addr_type_t type) const char *number, esp_hf_call_addr_type_t type)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if ((idx < 0) || (idx >= BTC_HF_NUM_CB)) {
BTC_TRACE_ERROR("%s: Invalid index %d", __FUNCTION__, idx);
return BT_STATUS_FAIL;
}
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset (&ag_res, 0, sizeof (ag_res)); memset (&ag_res, 0, sizeof (ag_res));
if (index == 0) { if (index == 0) {
@ -628,9 +606,9 @@ static bt_status_t btc_hf_clcc_response(bt_bdaddr_t *bd_addr, int index, esp_hf_
static bt_status_t btc_hf_cnum_response(bt_bdaddr_t *bd_addr, const char *number, esp_hf_subscriber_service_type_t type) static bt_status_t btc_hf_cnum_response(bt_bdaddr_t *bd_addr, const char *number, esp_hf_subscriber_service_type_t type)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset(&ag_res, 0, sizeof (ag_res)); memset(&ag_res, 0, sizeof (ag_res));
BTC_TRACE_EVENT("cnum_response: number = %s, type = %d", number, type); BTC_TRACE_EVENT("cnum_response: number = %s, type = %d", number, type);
@ -650,9 +628,9 @@ static bt_status_t btc_hf_cnum_response(bt_bdaddr_t *bd_addr, const char *number
static bt_status_t btc_hf_inband_ring(bt_bdaddr_t *bd_addr, esp_hf_in_band_ring_state_t state) static bt_status_t btc_hf_inband_ring(bt_bdaddr_t *bd_addr, esp_hf_in_band_ring_state_t state)
{ {
int idx = btc_hf_idx_by_bdaddr(bd_addr); int idx = btc_hf_idx_by_bdaddr(bd_addr);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if (is_connected(bd_addr) && (idx != BTC_HF_INVALID_IDX)) { if (is_connected(idx, bd_addr)) {
tBTA_AG_RES_DATA ag_res; tBTA_AG_RES_DATA ag_res;
memset (&ag_res, 0, sizeof (ag_res)); memset (&ag_res, 0, sizeof (ag_res));
ag_res.state = state; ag_res.state = state;
@ -681,7 +659,7 @@ static bt_status_t btc_hf_phone_state_update(bt_bdaddr_t *bd_addr,int num_active
} }
BTC_TRACE_DEBUG("phone_state_change: idx = %d", idx); BTC_TRACE_DEBUG("phone_state_change: idx = %d", idx);
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
BTC_TRACE_DEBUG("phone_state_change: num_active=%d [prev: %d] num_held=%d[prev: %d] call =%s [prev: %s] call_setup=%s [prev: %s]", BTC_TRACE_DEBUG("phone_state_change: num_active=%d [prev: %d] num_held=%d[prev: %d] call =%s [prev: %s] call_setup=%s [prev: %s]",
num_active, hf_local_param[idx].btc_hf_cb.num_active, num_active, hf_local_param[idx].btc_hf_cb.num_active,
num_held, hf_local_param[idx].btc_hf_cb.num_held, num_held, hf_local_param[idx].btc_hf_cb.num_held,
@ -888,7 +866,7 @@ bt_status_t btc_hf_ci_sco_data(void)
bt_status_t status = BT_STATUS_SUCCESS; bt_status_t status = BT_STATUS_SUCCESS;
#if (BTM_SCO_HCI_INCLUDED == TRUE) #if (BTM_SCO_HCI_INCLUDED == TRUE)
int idx = btc_hf_latest_connected_idx(); int idx = btc_hf_latest_connected_idx();
CHECK_HF_SLC_CONNECTED(); CHECK_HF_SLC_CONNECTED(idx);
if (idx != BTC_HF_INVALID_IDX) { if (idx != BTC_HF_INVALID_IDX) {
BTA_AgCiData(hf_local_param[idx].btc_hf_cb.handle); BTA_AgCiData(hf_local_param[idx].btc_hf_cb.handle);
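Review bot: The rewritten `is_connected(int idx, bt_bdaddr_t *bd_addr)` dereferences `bd_addr->address` and indexes `hf_local_param[idx]` with no check of its own, where the old version at least tolerated `bd_addr == NULL`; its safety now depends on every caller having run `CHECK_HF_INIT(idx)` / `CHECK_HF_SLC_CONNECTED(idx)` or an explicit range test first. A guard as its first statement, `if ((bd_addr == NULL) || (idx < 0) || (idx >= BTC_HF_NUM_CB)) { return FALSE; }`, would keep the bounds fix local to the helper instead of spread across call sites. Whether any caller can still pass a NULL address is not visible here, since `btc_hf_idx_by_bdaddr()` lies outside the hunks. Separately, in `connect_init` the slot returned by `btc_hf_find_free_idx()` is by construction in `ESP_HF_CONNECTION_STATE_DISCONNECTED`, so `!is_connected(idx, bd_addr)` appears to be always true, and a peer already connected on another control block would not be detected there.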