From e4e23087ee4b3e2d86ba44799daccb7a2e5cd781 Mon Sep 17 00:00:00 2001
From: chenjianhua
Date: Mon, 9 Sep 2024 19:47:47 +0800
Subject: [PATCH] fix(bt/bluedroid): Fixed access fault when reading BLE controller information fails

---
 .../bt/host/bluedroid/device/controller.c     |  2 +-
 .../bt/host/bluedroid/hci/hci_packet_parser.c | 19 +++++++++----
 .../bluedroid/stack/include/stack/hcidefs.h   | 28 ++++++++++++-------
 3 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/components/bt/host/bluedroid/device/controller.c b/components/bt/host/bluedroid/device/controller.c
index beb7d676d4..dee7908592 100644
--- a/components/bt/host/bluedroid/device/controller.c
+++ b/components/bt/host/bluedroid/device/controller.c
@@ -269,7 +269,7 @@ static void start_up(void)
 #endif //#if (BLE_50_FEATURE_SUPPORT == TRUE)
 #if (BLE_50_FEATURE_SUPPORT == TRUE && BLE_42_FEATURE_SUPPORT == FALSE)
-    if (HCI_LE_ENHANCED_PRIVACY_SUPPORTED(controller_param.features_ble.as_array)) {
+    if (HCI_LE_EXT_ADV_SUPPORTED(controller_param.features_ble.as_array)) {
         response = AWAIT_COMMAND(controller_param.packet_factory->make_read_max_adv_data_len());
         controller_param.packet_parser->parse_ble_read_adv_max_len_response(
             response,
diff --git a/components/bt/host/bluedroid/hci/hci_packet_parser.c b/components/bt/host/bluedroid/hci/hci_packet_parser.c
index 885153764e..1ee5033112 100644
--- a/components/bt/host/bluedroid/hci/hci_packet_parser.c
+++ b/components/bt/host/bluedroid/hci/hci_packet_parser.c
@@ -186,7 +186,9 @@ static void parse_ble_read_resolving_list_size_response(
 {
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */);
-    STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
+    if (stream) {
+        STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
+    }
     osi_free(response);
 }
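Review bot: On the failure path the new `if (stream)` guard leaves `*resolving_list_size_ptr` untouched, so the caller continues with whatever value that storage held before; if it is uninitialised or stale from an earlier start-up, a failed HCI_BLE_READ_RESOLVING_LIST_SIZE read is indistinguishable from a successful one. The same applies to the guarded reads in parse_ble_read_suggested_default_data_length_response and parse_ble_read_adv_max_len_response in the next two hunks. Either write a defined value on failure, e.g. `} else { *resolving_list_size_ptr = 0; }`, or state on the function that the output is left unchanged on failure and must be pre-initialised by the caller — whether controller.c does that is not visible in this diff. The function's signature lies above the hunk.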
@@ -198,10 +200,14 @@ static void parse_ble_read_suggested_default_data_length_response(
 {
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */);
-    STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
-    STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
+    if (stream) {
+        STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
+        STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
+    }
+
     osi_free(response);
 }
+
 #if (BLE_50_FEATURE_SUPPORT == TRUE)
 static void parse_ble_read_adv_max_len_response(
     BT_HDR *response,
@@ -209,8 +215,10 @@ static void parse_ble_read_adv_max_len_response(
 {
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_RD_MAX_ADV_DATA_LEN, 1 /* bytes after */);
-    // Size: 2 Octets ; Value: 0x001F – 0x0672 ; Maximum supported advertising data length
-    STREAM_TO_UINT16(*adv_max_len_ptr, stream);
+    if (stream) {
+        // Size: 2 Octets ; Value: 0x001F – 0x0672 ; Maximum supported advertising data length
+        STREAM_TO_UINT16(*adv_max_len_ptr, stream);
+    }
     osi_free(response);
 }
@@ -254,6 +262,7 @@ static uint8_t *read_command_complete_header(
     STREAM_TO_UINT8(status, stream);
     if (status != HCI_SUCCESS) {
+        HCI_TRACE_ERROR("%s failed: opcode 0x%04x, status 0x%02x", __func__, opcode, status);
         return NULL;
     }
diff --git a/components/bt/host/bluedroid/stack/include/stack/hcidefs.h b/components/bt/host/bluedroid/stack/include/stack/hcidefs.h
index 21b1488173..b77e885476 100644
--- a/components/bt/host/bluedroid/stack/include/stack/hcidefs.h
+++ b/components/bt/host/bluedroid/stack/include/stack/hcidefs.h
@@ -1871,42 +1871,50 @@ typedef struct {
 #define HCI_PING_SUPPORTED(x) ((x)[HCI_EXT_FEATURE_PING_OFF] & HCI_EXT_FEATURE_PING_MASK)
 /*
-** LE features encoding - page 0 (the only page for now)
+** LE features encoding - page 0
 */
-/* LE Encryption */
+/* LE Encryption: bit 0 */
 #define HCI_LE_FEATURE_LE_ENCRYPTION_MASK 0x01
 #define HCI_LE_FEATURE_LE_ENCRYPTION_OFF 0
 #define HCI_LE_ENCRYPTION_SUPPORTED(x) ((x)[HCI_LE_FEATURE_LE_ENCRYPTION_OFF] & HCI_LE_FEATURE_LE_ENCRYPTION_MASK)
-/* Connection Parameters Request Procedure */
+/* Connection Parameters Request Procedure: bit 1 */
 #define HCI_LE_FEATURE_CONN_PARAM_REQ_MASK 0x02
 #define HCI_LE_FEATURE_CONN_PARAM_REQ_OFF 0
 #define HCI_LE_CONN_PARAM_REQ_SUPPORTED(x) ((x)[HCI_LE_FEATURE_CONN_PARAM_REQ_OFF] & HCI_LE_FEATURE_CONN_PARAM_REQ_MASK)
-/* Extended Reject Indication */
+/* Extended Reject Indication: bit 2 */
 #define HCI_LE_FEATURE_EXT_REJ_IND_MASK 0x04
 #define HCI_LE_FEATURE_EXT_REJ_IND_OFF 0
 #define HCI_LE_EXT_REJ_IND_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_REJ_IND_OFF] & HCI_LE_FEATURE_EXT_REJ_IND_MASK)
-/* Slave-initiated Features Exchange */
+/* Slave-initiated Features Exchange: bit 3 */
 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK 0x08
 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF 0
 #define HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(x) ((x)[HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF] & HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK)
+/* LE Data Packet Length Extension: bit 5 */
+#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20
+#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0
+#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
+
 /* Enhanced privacy Feature: bit 6 */
 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK 0x40
 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF 0
 #define HCI_LE_ENHANCED_PRIVACY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF] & HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK)
-/* Extended scanner filter policy : 7 */
+/* Extended scanner filter policy: bit 7 */
 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK 0x80
 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF 0
 #define HCI_LE_EXT_SCAN_FILTER_POLICY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF] & HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK)
-/* Slave-initiated Features Exchange */
-#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20
-#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0
-#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
+/*
+** LE features encoding - page 1
+*/
+/* LE Extended Advertising: bit 12 */
+#define HCI_LE_FEATURE_EXT_ADV_MASK 0x10
+#define HCI_LE_FEATURE_EXT_ADV_OFF 1
+#define HCI_LE_EXT_ADV_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_ADV_OFF] & HCI_LE_FEATURE_EXT_ADV_MASK)
 /*
 ** Local Supported Commands encoding
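Review bot: The new heading `** LE features encoding - page 1` borrows the BR/EDR extended-features term "page" (used just above for HCI_EXT_FEATURE_PING_OFF), but `HCI_LE_FEATURE_EXT_ADV_OFF 1` is an octet index into the single LE Features mask: bit 12 is octet 1, mask 0x10, which is also how the `page 0` heading above is used for bits 0..7. Renaming both headings to say what the offset is, e.g. `** LE features encoding - octet 1 (bits 8..15)`, keeps a reader from expecting a second feature-page read. Note also that the macro indexes `(x)[1]` without any bound, so every array passed to HCI_LE_EXT_ADV_SUPPORTED must hold at least two octets; `features_ble.as_array` in controller.c presumably does, but that is not visible in this diff.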