fix(bt/bluedroid): Fixed access fault when reading BLE controller information fails

chenjianhua 2024-09-09 19:47:47 +08:00 committed by BOT
parent e4a372ab76
commit e4e23087ee
3 changed files with 33 additions and 16 deletions


@ -269,7 +269,7 @@ static void start_up(void)
#endif //#if (BLE_50_FEATURE_SUPPORT == TRUE) #endif //#if (BLE_50_FEATURE_SUPPORT == TRUE)
#if (BLE_50_FEATURE_SUPPORT == TRUE && BLE_42_FEATURE_SUPPORT == FALSE) #if (BLE_50_FEATURE_SUPPORT == TRUE && BLE_42_FEATURE_SUPPORT == FALSE)
if (HCI_LE_ENHANCED_PRIVACY_SUPPORTED(controller_param.features_ble.as_array)) { if (HCI_LE_EXT_ADV_SUPPORTED(controller_param.features_ble.as_array)) {
response = AWAIT_COMMAND(controller_param.packet_factory->make_read_max_adv_data_len()); response = AWAIT_COMMAND(controller_param.packet_factory->make_read_max_adv_data_len());
controller_param.packet_parser->parse_ble_read_adv_max_len_response( controller_param.packet_parser->parse_ble_read_adv_max_len_response(
response, response,
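Review bot: The switched feature test on the `if (HCI_LE_EXT_ADV_SUPPORTED(...))` line carries no explanation of why this bit gates the read, and the previous code shows how easily the wrong bit gets picked. A one-line comment above it would help, for example `/* Read Maximum Advertising Data Length is only issued when the controller reports LE Extended Advertising (LE feature bit 12) */`. The surrounding `start_up` body and the rest of the parser call lie outside this hunk, so what the adv-max-len field holds when the branch is skipped cannot be checked from here and is worth confirming.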


@ -186,7 +186,9 @@ static void parse_ble_read_resolving_list_size_response(
{ {
uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */); uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */);
STREAM_TO_UINT8(*resolving_list_size_ptr, stream); if (stream) {
STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
}
osi_free(response); osi_free(response);
} }
@ -198,10 +200,14 @@ static void parse_ble_read_suggested_default_data_length_response(
{ {
uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */); uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */);
STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream); if (stream) {
STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream); STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
}
osi_free(response); osi_free(response);
} }
#if (BLE_50_FEATURE_SUPPORT == TRUE) #if (BLE_50_FEATURE_SUPPORT == TRUE)
static void parse_ble_read_adv_max_len_response( static void parse_ble_read_adv_max_len_response(
BT_HDR *response, BT_HDR *response,
@ -209,8 +215,10 @@ static void parse_ble_read_adv_max_len_response(
{ {
uint8_t *stream = read_command_complete_header(response, HCI_BLE_RD_MAX_ADV_DATA_LEN, 1 /* bytes after */); uint8_t *stream = read_command_complete_header(response, HCI_BLE_RD_MAX_ADV_DATA_LEN, 1 /* bytes after */);
// Size: 2 Octets ; Value: 0x001F 0x0672 ; Maximum supported advertising data length if (stream) {
STREAM_TO_UINT16(*adv_max_len_ptr, stream); // Size: 2 Octets ; Value: 0x001F 0x0672 ; Maximum supported advertising data length
STREAM_TO_UINT16(*adv_max_len_ptr, stream);
}
osi_free(response); osi_free(response);
} }
@ -254,6 +262,7 @@ static uint8_t *read_command_complete_header(
STREAM_TO_UINT8(status, stream); STREAM_TO_UINT8(status, stream);
if (status != HCI_SUCCESS) { if (status != HCI_SUCCESS) {
HCI_TRACE_ERROR("%s failed: opcode 0x%04x, status 0x%02x", __func__, opcode, status);
return NULL; return NULL;
} }
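Review bot: The new `if (stream)` guards cover a failed status, but two of the guarded parsers still read more bytes than they ask `read_command_complete_header` to expect. `parse_ble_read_adv_max_len_response` passes `1 /* bytes after */` and then runs `STREAM_TO_UINT16`, and `parse_ble_read_suggested_default_data_length_response` passes `2 /* bytes after */` before two `STREAM_TO_UINT16` reads. If that argument is what bounds the response length (the helper's body is outside these hunks, so this is inferred from the inline comment), a short but successful controller reply is read past its end; the arguments should be `2 /* bytes after */` and `4 /* bytes after */` respectively. Separately, on the NULL path the output pointers are now left unwritten and the parsers return `void`, so the caller cannot tell a failed read from a successful one unless it pre-initialises those fields. An `else` branch writing a conservative value, such as `*adv_max_len_ptr = 0x001F;` (the minimum in the range the existing comment cites), would make the failure state explicit.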


@ -1871,42 +1871,50 @@ typedef struct {
#define HCI_PING_SUPPORTED(x) ((x)[HCI_EXT_FEATURE_PING_OFF] & HCI_EXT_FEATURE_PING_MASK) #define HCI_PING_SUPPORTED(x) ((x)[HCI_EXT_FEATURE_PING_OFF] & HCI_EXT_FEATURE_PING_MASK)
/* /*
** LE features encoding - page 0 (the only page for now) ** LE features encoding - page 0
*/ */
/* LE Encryption */ /* LE Encryption: bit 0 */
#define HCI_LE_FEATURE_LE_ENCRYPTION_MASK 0x01 #define HCI_LE_FEATURE_LE_ENCRYPTION_MASK 0x01
#define HCI_LE_FEATURE_LE_ENCRYPTION_OFF 0 #define HCI_LE_FEATURE_LE_ENCRYPTION_OFF 0
#define HCI_LE_ENCRYPTION_SUPPORTED(x) ((x)[HCI_LE_FEATURE_LE_ENCRYPTION_OFF] & HCI_LE_FEATURE_LE_ENCRYPTION_MASK) #define HCI_LE_ENCRYPTION_SUPPORTED(x) ((x)[HCI_LE_FEATURE_LE_ENCRYPTION_OFF] & HCI_LE_FEATURE_LE_ENCRYPTION_MASK)
/* Connection Parameters Request Procedure */ /* Connection Parameters Request Procedure: bit 1 */
#define HCI_LE_FEATURE_CONN_PARAM_REQ_MASK 0x02 #define HCI_LE_FEATURE_CONN_PARAM_REQ_MASK 0x02
#define HCI_LE_FEATURE_CONN_PARAM_REQ_OFF 0 #define HCI_LE_FEATURE_CONN_PARAM_REQ_OFF 0
#define HCI_LE_CONN_PARAM_REQ_SUPPORTED(x) ((x)[HCI_LE_FEATURE_CONN_PARAM_REQ_OFF] & HCI_LE_FEATURE_CONN_PARAM_REQ_MASK) #define HCI_LE_CONN_PARAM_REQ_SUPPORTED(x) ((x)[HCI_LE_FEATURE_CONN_PARAM_REQ_OFF] & HCI_LE_FEATURE_CONN_PARAM_REQ_MASK)
/* Extended Reject Indication */ /* Extended Reject Indication: bit 2 */
#define HCI_LE_FEATURE_EXT_REJ_IND_MASK 0x04 #define HCI_LE_FEATURE_EXT_REJ_IND_MASK 0x04
#define HCI_LE_FEATURE_EXT_REJ_IND_OFF 0 #define HCI_LE_FEATURE_EXT_REJ_IND_OFF 0
#define HCI_LE_EXT_REJ_IND_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_REJ_IND_OFF] & HCI_LE_FEATURE_EXT_REJ_IND_MASK) #define HCI_LE_EXT_REJ_IND_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_REJ_IND_OFF] & HCI_LE_FEATURE_EXT_REJ_IND_MASK)
/* Slave-initiated Features Exchange */ /* Slave-initiated Features Exchange: bit 3 */
#define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK 0x08 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK 0x08
#define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF 0 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF 0
#define HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(x) ((x)[HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF] & HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK) #define HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(x) ((x)[HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF] & HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK)
/* LE Data Packet Length Extension: bit 5 */
#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20
#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0
#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
/* Enhanced privacy Feature: bit 6 */ /* Enhanced privacy Feature: bit 6 */
#define HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK 0x40 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK 0x40
#define HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF 0 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF 0
#define HCI_LE_ENHANCED_PRIVACY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF] & HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK) #define HCI_LE_ENHANCED_PRIVACY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF] & HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK)
/* Extended scanner filter policy : 7 */ /* Extended scanner filter policy: bit 7 */
#define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK 0x80 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK 0x80
#define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF 0 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF 0
#define HCI_LE_EXT_SCAN_FILTER_POLICY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF] & HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK) #define HCI_LE_EXT_SCAN_FILTER_POLICY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF] & HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK)
/* Slave-initiated Features Exchange */ /*
#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK 0x20 ** LE features encoding - page 1
#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF 0 */
#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK) /* LE Extended Advertising: bit 12 */
#define HCI_LE_FEATURE_EXT_ADV_MASK 0x10
#define HCI_LE_FEATURE_EXT_ADV_OFF 1
#define HCI_LE_EXT_ADV_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_ADV_OFF] & HCI_LE_FEATURE_EXT_ADV_MASK)
/* /*
** Local Supported Commands encoding ** Local Supported Commands encoding
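Review bot: The new heading `** LE features encoding - page 1` is misleading, because `HCI_LE_FEATURE_EXT_ADV_OFF 1` is a byte index into the same LE feature array the page-0 macros use. Bit 12 is byte 1 with mask 0x10, so the values themselves are consistent. Wording such as `** LE features encoding - byte 1 (bits 8-15)`, with the first block retitled `byte 0 (bits 0-7)`, would stop a reader from confusing this with the separate feature pages used by the classic extended-features macros above. It would also be worth noting next to `HCI_LE_EXT_ADV_SUPPORTED(x)` that `x` must be at least two bytes long, since this is the first LE feature macro in the block to index past element 0.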