fix(bt/bluedroid): Fix memory leak of gattc cache upon disconnection

components/bt/host/bluedroid/bta/dm/bta_dm_act.c

@@ -982,10 +982,6 @@ static void bta_dm_process_remove_device(BD_ADDR bd_addr, tBT_TRANSPORT transpor
 
     BTM_SecDeleteDevice(bd_addr, transport);
 
-#if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE)
-    /* remove all cached GATT information */
-    BTA_GATTC_Refresh(bd_addr, false);
-#endif
     if (bta_dm_cb.p_sec_cback) {
         tBTA_DM_SEC sec_event;
         bdcpy(sec_event.link_down.bd_addr, bd_addr);
@@ -1140,8 +1136,6 @@ void bta_dm_close_acl(tBTA_DM_MSG *p_data)
 #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE)
         /* need to remove all pending background connection if any */
         BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, FALSE);
-        /* remove all cached GATT information */
-        BTA_GATTC_Refresh(p_remove_acl->bd_addr, false);
 #endif
     }
     /* otherwise, no action needed */
@@ -3670,8 +3664,6 @@ void bta_dm_acl_change(tBTA_DM_MSG *p_data)
 #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE)
             /* need to remove all pending background connection */
             BTA_GATTC_CancelOpen(0, p_bda, FALSE);
-            /* remove all cached GATT information */
-            BTA_GATTC_Refresh(p_bda, false);
 #endif
         }
 
@@ -3849,8 +3841,6 @@ static BOOLEAN bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr)
 #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE)
         /* need to remove all pending background connection */
         BTA_GATTC_CancelOpen(0, remote_bd_addr, FALSE);
-        /* remove all cached GATT information */
-        BTA_GATTC_Refresh(remote_bd_addr, false);
 #endif
     }
     return is_device_deleted;

components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c

@@ -823,8 +823,6 @@ void bta_gattc_close(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
         bta_sys_conn_close( BTA_ID_GATTC , BTA_ALL_APP_ID, p_clcb->bda);
     }
 
-    bta_gattc_clcb_dealloc(p_clcb);
-
     if (p_data->hdr.event == BTA_GATTC_API_CLOSE_EVT) {
         cb_data.close.status = GATT_Disconnect(p_data->hdr.layer_specific);
     } else if (p_data->hdr.event == BTA_GATTC_INT_DISCONN_EVT) {

components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c

@@ -322,6 +322,15 @@ void bta_gattc_clcb_dealloc(tBTA_GATTC_CLCB *p_clcb)
     }
 }
 
+void bta_gattc_clcb_dealloc_by_conn_id(UINT16 conn_id)
+{
+    tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id);
+
+    if (p_clcb) {
+        bta_gattc_clcb_dealloc(p_clcb);
+    }
+}
+
 /*******************************************************************************
 **
 ** Function         bta_gattc_find_srcb
@@ -421,6 +430,7 @@ tBTA_GATTC_SERV *bta_gattc_srcb_alloc(BD_ADDR bda)
     {
         if (p_tcb->p_srvc_cache != NULL) {
             list_free(p_tcb->p_srvc_cache);
+            p_tcb->p_srvc_cache = NULL;
         }
         osi_free(p_tcb->p_srvc_list);
         p_tcb->p_srvc_list = NULL;

components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h

@@ -1569,6 +1569,8 @@ extern void BTA_GATTS_Listen(tBTA_GATTS_IF server_if, BOOLEAN start,
 *******************************************************************************/
 extern void BTA_GATTS_ShowLocalDatabase(void);
 
+extern void bta_gattc_clcb_dealloc_by_conn_id(UINT16 conn_id);
+
 #ifdef __cplusplus
 
 }

components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c

@@ -940,6 +940,8 @@ void btc_gattc_cb_handler(btc_msg_t *msg)
     case BTA_GATTC_CLOSE_EVT: {
         tBTA_GATTC_CLOSE *close = &arg->close;
 
+        // Free gattc clcb in BTC task to avoid race condition
+        bta_gattc_clcb_dealloc_by_conn_id(close->conn_id);
         gattc_if = close->client_if;
         param.close.status = close->status;
         param.close.conn_id = BTC_GATT_GET_CONN_ID(close->conn_id);