From 90510fb5970bf40d982f8aa5128808a33d798cf3 Mon Sep 17 00:00:00 2001 From: xiongweichao Date: Fri, 17 Jun 2022 10:12:17 +0800 Subject: [PATCH] Fix crash when sending data by spp --- components/bt/host/bluedroid/stack/include/stack/l2c_api.h | 1 + components/bt/host/bluedroid/stack/l2cap/l2c_utils.c | 2 +- components/bt/host/bluedroid/stack/rfcomm/port_api.c | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/stack/include/stack/l2c_api.h b/components/bt/host/bluedroid/stack/include/stack/l2c_api.h index 58d2a13797..76ec2b11c3 100644 --- a/components/bt/host/bluedroid/stack/include/stack/l2c_api.h +++ b/components/bt/host/bluedroid/stack/include/stack/l2c_api.h @@ -39,6 +39,7 @@ ** HCI type(1), len(2), handle(2), L2CAP len(2) and CID(2) => 9 */ #define L2CAP_MIN_OFFSET 13 /* plus control(2), SDU length(2) */ +#define L2CAP_FCS_LEN 2 /* FCS 0 or 2 bytes */ /* Minimum offset for broadcast needs another two bytes for the PSM */ #define L2CAP_BCST_MIN_OFFSET 11 diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c index 059abe7be1..ea887b036e 100644 --- a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c +++ b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c @@ -1559,7 +1559,7 @@ tL2C_CCB *l2cu_allocate_ccb (tL2C_LCB *p_lcb, UINT16 cid) l2c_fcr_free_timer (p_ccb); #endif ///CLASSIC_BT_INCLUDED == TRUE p_ccb->ertm_info.preferred_mode = L2CAP_FCR_BASIC_MODE; /* Default mode for channel is basic mode */ - p_ccb->ertm_info.allowed_modes = L2CAP_FCR_CHAN_OPT_BASIC|L2CAP_FCR_CHAN_OPT_BASIC; + p_ccb->ertm_info.allowed_modes = L2CAP_FCR_CHAN_OPT_BASIC|L2CAP_FCR_CHAN_OPT_ERTM; p_ccb->ertm_info.fcr_rx_buf_size = L2CAP_FCR_RX_BUF_SIZE; p_ccb->ertm_info.fcr_tx_buf_size = L2CAP_FCR_TX_BUF_SIZE; p_ccb->ertm_info.user_rx_buf_size = L2CAP_USER_RX_BUF_SIZE; diff --git a/components/bt/host/bluedroid/stack/rfcomm/port_api.c b/components/bt/host/bluedroid/stack/rfcomm/port_api.c index 99d469c96b..4e1baf52a0 100644 --- a/components/bt/host/bluedroid/stack/rfcomm/port_api.c +++ b/components/bt/host/bluedroid/stack/rfcomm/port_api.c @@ -1552,7 +1552,8 @@ int PORT_WriteDataCO (UINT16 handle, int *p_len, int len, UINT8 *p_data) length = (UINT16)available; } - UINT16 alloc_size = (UINT16)(sizeof(BT_HDR) + L2CAP_MIN_OFFSET + RFCOMM_DATA_OVERHEAD+length); + UINT16 alloc_size = (UINT16)(sizeof(BT_HDR) + L2CAP_MIN_OFFSET + RFCOMM_DATA_OVERHEAD + + length + L2CAP_FCS_LEN); p_buf = (BT_HDR *)osi_malloc(alloc_size); if (!p_buf) { RFCOMM_TRACE_EVENT ("PORT_WriteDataCO: out of heap.");