From a932e1b512b2bb0e60544f3ad8885bb6dc2e213e Mon Sep 17 00:00:00 2001
From: Wang Mengyang <wangmengyang@espressif.com>
Date: Tue, 30 Jul 2024 17:18:41 +0800
Subject: [PATCH 1/2] change(bt): Perform comprehensive heap check in test_app
 for memory release

---
 components/bt/test_apps/memory_release/main/test_app_main.c  | 5 ++++-
 .../bt/test_apps/memory_release/pytest_memory_release.py     | 2 +-
 components/bt/test_apps/memory_release/sdkconfig.defaults    | 2 ++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/components/bt/test_apps/memory_release/main/test_app_main.c b/components/bt/test_apps/memory_release/main/test_app_main.c
index 562d1d97dd..909a730d4b 100644
--- a/components/bt/test_apps/memory_release/main/test_app_main.c
+++ b/components/bt/test_apps/memory_release/main/test_app_main.c
@@ -11,6 +11,7 @@
 #include "nvs_flash.h"
 
 #include "multi_heap.h"
+#include "esp_heap_caps.h"
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
 
@@ -127,5 +128,7 @@ void app_main(void)
     }
     ESP_LOGI(tag, "Free heap size increased by %"PRIu32" bytes", free_after - free_before);
 
-    ESP_LOGI(tag, "SUCCESS");
+    if (heap_caps_check_integrity_all(true)) {
+        ESP_LOGI(tag, "Comprehensive heap check: SUCCESS");
+    }
 }
diff --git a/components/bt/test_apps/memory_release/pytest_memory_release.py b/components/bt/test_apps/memory_release/pytest_memory_release.py
index dbefc908a6..fbb3916991 100644
--- a/components/bt/test_apps/memory_release/pytest_memory_release.py
+++ b/components/bt/test_apps/memory_release/pytest_memory_release.py
@@ -12,4 +12,4 @@ from pytest_embedded import Dut
 def test_bt_memory_release(dut: Dut) -> None:
     dut.expect_exact('BLE Host Task Started', timeout=6)
     dut.expect_exact('BLE Host Task Stopped', timeout=8)
-    dut.expect_exact('SUCCESS', timeout=10)
+    dut.expect_exact('Comprehensive heap check: SUCCESS', timeout=10)
diff --git a/components/bt/test_apps/memory_release/sdkconfig.defaults b/components/bt/test_apps/memory_release/sdkconfig.defaults
index a22d8109d7..fc2b04c1aa 100644
--- a/components/bt/test_apps/memory_release/sdkconfig.defaults
+++ b/components/bt/test_apps/memory_release/sdkconfig.defaults
@@ -1,2 +1,4 @@
+CONFIG_HEAP_POISONING_COMPREHENSIVE=y
+
 CONFIG_BT_ENABLED=y
 CONFIG_BT_NIMBLE_ENABLED=y

From 68bfd566165b0c9179f06962cdf640b06f7a8762 Mon Sep 17 00:00:00 2001
From: Wang Mengyang <wangmengyang@espressif.com>
Date: Tue, 30 Jul 2024 17:17:18 +0800
Subject: [PATCH 2/2] fix(bt): Fix heap corruption in the call of
 esp_bt_mem_release on ESP32

Closes https://github.com/espressif/esp-idf/issues/14263
---
 components/bt/controller/esp32/bt.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/components/bt/controller/esp32/bt.c b/components/bt/controller/esp32/bt.c
index f2489b837a..d6cde29a57 100644
--- a/components/bt/controller/esp32/bt.c
+++ b/components/bt/controller/esp32/bt.c
@@ -1428,6 +1428,14 @@ esp_err_t esp_bt_mem_release(esp_bt_mode_t mode)
         .name  = "BT Controller Data"
     };
 
+    /*
+     * Free data and BSS section for Bluetooth controller ROM code.
+     * Note that rom mem release must be performed before section _bt_data_start to _bt_data_end is released,
+     * otherwise `btdm_dram_available_region` will no longer be available when performing rom mem release and
+     * thus causing heap corruption.
+     */
+    ret = esp_bt_controller_rom_mem_release(mode);
+
     if (mode == ESP_BT_MODE_BTDM) {
         /* Start by freeing Bluetooth BSS section */
         if (ret == ESP_OK) {
@@ -1440,11 +1448,6 @@ esp_err_t esp_bt_mem_release(esp_bt_mode_t mode)
         }
     }
 
-    /* free data and BSS section for Bluetooth controller ROM code */
-    if (ret == ESP_OK) {
-        ret = esp_bt_controller_rom_mem_release(mode);
-    }
-
     return ret;
 }