Merge branch 'bugfix/leedarson_v4.1' into 'release/v4.1'

component_bt: Fix some code logic errors (v4.1)

See merge request espressif/esp-idf!16039

components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c

@@ -490,9 +490,14 @@ void bta_gattc_open(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 {
     tBTA_GATTC_DATA gattc_data;
     BOOLEAN found_app = FALSE;
+    tGATT_TCB *p_tcb;
 
-    tGATT_TCB *p_tcb = gatt_find_tcb_by_addr(p_data->api_conn.remote_bda, BT_TRANSPORT_LE);
-    if(p_tcb && p_clcb && p_data) {
+    if (!p_clcb || !p_data) {
+        return;
+    }
+
+    p_tcb = gatt_find_tcb_by_addr(p_data->api_conn.remote_bda, BT_TRANSPORT_LE);
+    if(p_tcb) {
         found_app = gatt_find_specific_app_in_hold_link(p_tcb, p_clcb->p_rcb->client_if);
     }
     /* open/hold a connection */

components/bt/host/bluedroid/bta/gatt/bta_gattc_api.c

@@ -757,7 +757,7 @@ void BTA_GATTC_PrepareWriteCharDescr  (UINT16 conn_id, UINT16 handle,
                                        tBTA_GATT_AUTH_REQ auth_req)
 {
     tBTA_GATTC_API_WRITE  *p_buf;
-    UINT16  len = sizeof(tBTA_GATTC_API_WRITE) + p_data->len;
+    UINT16  len = sizeof(tBTA_GATTC_API_WRITE);
 
     if (p_data != NULL) {
         len += p_data->len;

components/bt/host/bluedroid/btc/core/btc_dm.c

@@ -394,6 +394,7 @@ static void btc_dm_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
             break;
         default:
             status =  BT_STATUS_FAIL;
+            break;
         }
     }
 #if (BTC_GAP_BT_INCLUDED == TRUE)

components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c

@@ -114,7 +114,7 @@ static void btc_gattc_copy_req_data(btc_msg_t *msg, void *p_dest, void *p_src)
     tBTA_GATTC *p_dest_data = (tBTA_GATTC *) p_dest;
     tBTA_GATTC *p_src_data = (tBTA_GATTC *) p_src;
 
-    if (!p_src_data || !p_dest_data) {
+    if (!p_src_data || !p_dest_data || !msg) {
         return;
     }
 

components/bt/host/bluedroid/hci/hci_hal_h4.c

@@ -229,11 +229,12 @@ static void hci_hal_h4_hdl_rx_packet(BT_HDR *packet)
 {
     uint8_t type, hdr_size;
     uint16_t length;
-    uint8_t *stream = packet->data + packet->offset;
+    uint8_t *stream = NULL;
 
     if (!packet) {
         return;
     }
+    stream = packet->data + packet->offset;
 
 #if (C2H_FLOW_CONTROL_INCLUDED == TRUE)
     hci_packet_complete(packet);

components/bt/host/bluedroid/stack/btm/btm_ble.c

@@ -826,6 +826,7 @@ BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
 tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
 {
     tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
+
     BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length);
 
     if (!controller_get_interface()->supports_ble_packet_extension()) {
@@ -833,12 +834,12 @@ tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
         return BTM_CONTROL_LE_DATA_LEN_UNSUPPORTED;
     }
 
-    if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) {
-        BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
-        return BTM_PEER_LE_DATA_LEN_UNSUPPORTED;
-    }
-
     if (p_acl != NULL) {
+        if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) {
+            BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
+            return BTM_PEER_LE_DATA_LEN_UNSUPPORTED;
+        }
+
         if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) {
             tx_pdu_length =  BTM_BLE_DATA_SIZE_MAX;
         } else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) {

components/bt/host/bluedroid/stack/btm/btm_ble_gap.c

@@ -1435,6 +1435,8 @@ tBTM_STATUS BTM_BleSetAdvParamsAll(UINT16 adv_int_min, UINT16 adv_int_max, UINT8
 
     if (p_dir_bda) {
         memcpy(&p_cb->direct_bda, p_dir_bda, sizeof(tBLE_BD_ADDR));
+    } else {
+        return BTM_ILLEGAL_VALUE;
     }
 
     BTM_TRACE_EVENT ("update params for an active adv\n");
@@ -1765,8 +1767,10 @@ tBTM_STATUS BTM_UpdateBleDuplicateExceptionalList(uint8_t subcode, uint32_t type
                                                 tBTM_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_CMPL_CBACK update_exceptional_list_cmp_cb)
 {
     tBTM_BLE_CB *ble_cb = &btm_cb.ble_ctr_cb;
-    ble_cb->update_exceptional_list_cmp_cb = update_exceptional_list_cmp_cb;
     tBTM_STATUS status = BTM_NO_RESOURCES;
+
+    ble_cb->update_exceptional_list_cmp_cb = update_exceptional_list_cmp_cb;
+
     if (!controller_get_interface()->supports_ble()) {
         return BTM_ILLEGAL_VALUE;
     }
@@ -1801,9 +1805,6 @@ tBTM_STATUS BTM_UpdateBleDuplicateExceptionalList(uint8_t subcode, uint32_t type
             //do nothing
             break;
     }
-    if(status == BTM_ILLEGAL_VALUE) {
-        return status;
-    }
 
     status = BTM_VendorSpecificCommand(HCI_VENDOR_BLE_UPDATE_DUPLICATE_EXCEPTIONAL_LIST, 1 + 4 + BD_ADDR_LEN, device_info_array, NULL);
     if(status == BTM_CMD_STARTED) {

components/bt/host/bluedroid/stack/btm/btm_sec.c

@@ -1521,8 +1521,8 @@ void BTM_ConfirmReqReply(tBTM_STATUS res, BD_ADDR bd_addr)
         if (res == BTM_SUCCESS) {
             if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) {
                 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
+                p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
             }
-            p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
         }
 
         btsnd_hcic_user_conf_reply (bd_addr, TRUE);

components/bt/host/bluedroid/stack/gatt/gatt_api.c

@@ -814,15 +814,15 @@ tGATT_STATUS GATTC_ConfigureMTU (UINT16 conn_id)
 
     GATT_TRACE_API ("GATTC_ConfigureMTU conn_id=%d mtu=%d", conn_id, mtu );
 
+    if ( (p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) {
+        return GATT_ILLEGAL_PARAMETER;
+    }
+
     /* Validate that the link is BLE, not BR/EDR */
     if (p_tcb->transport != BT_TRANSPORT_LE) {
         return GATT_ERROR;
     }
 
-    if ( (p_tcb == NULL) || (p_reg == NULL) || (mtu < GATT_DEF_BLE_MTU_SIZE) || (mtu > GATT_MAX_MTU_SIZE)) {
-        return GATT_ILLEGAL_PARAMETER;
-    }
-
     if (gatt_is_clcb_allocated(conn_id)) {
         GATT_TRACE_ERROR("GATTC_ConfigureMTU GATT_BUSY conn_id = %d", conn_id);
         return GATT_BUSY;

components/bt/host/bluedroid/stack/gatt/gatt_auth.c

@@ -140,19 +140,20 @@ void gatt_verify_signature(tGATT_TCB *p_tcb, BT_HDR *p_buf)
 *******************************************************************************/
 void gatt_sec_check_complete(BOOLEAN sec_check_ok, tGATT_CLCB   *p_clcb, UINT8 sec_act)
 {
-    if (p_clcb && p_clcb->p_tcb &&
-        fixed_queue_is_empty(p_clcb->p_tcb->pending_enc_clcb)) {
-        gatt_set_sec_act(p_clcb->p_tcb, GATT_SEC_NONE);
-    }
+    if (p_clcb && p_clcb->p_tcb) {
+        if (fixed_queue_is_empty(p_clcb->p_tcb->pending_enc_clcb)) {
+            gatt_set_sec_act(p_clcb->p_tcb, GATT_SEC_NONE);
+        }
 #if (GATTC_INCLUDED == TRUE)
-    if (!sec_check_ok) {
-        gatt_end_operation(p_clcb, GATT_AUTH_FAIL, NULL);
-    } else if (p_clcb->operation == GATTC_OPTYPE_WRITE) {
-        gatt_act_write(p_clcb, sec_act);
-    } else if (p_clcb->operation == GATTC_OPTYPE_READ) {
-        gatt_act_read(p_clcb, p_clcb->counter);
-    }
+        if (!sec_check_ok) {
+            gatt_end_operation(p_clcb, GATT_AUTH_FAIL, NULL);
+        } else if (p_clcb->operation == GATTC_OPTYPE_WRITE) {
+            gatt_act_write(p_clcb, sec_act);
+        } else if (p_clcb->operation == GATTC_OPTYPE_READ) {
+            gatt_act_read(p_clcb, p_clcb->counter);
+        }
 #endif  ///GATTC_INCLUDED == TRUE
+    }
 }
 /*******************************************************************************
 **

components/bt/host/bluedroid/stack/include/stack/l2cdefs.h

@@ -257,11 +257,6 @@
 #define L2CAP_EXTFEA_EXT_WINDOW     0x00000100    /* Extended Window Size                   */
 #define L2CAP_EXTFEA_UCD_RECEPTION  0x00000200    /* Unicast Connectionless Data Reception  */
 
-/* Mask for locally supported features used in Information Response (default to none) */
-#ifndef L2CAP_EXTFEA_SUPPORTED_MASK
-#define L2CAP_EXTFEA_SUPPORTED_MASK 0
-#endif
-
 /* Mask for LE supported features used in Information Response (default to none) */
 #ifndef L2CAP_BLE_EXTFEA_MASK
 #define L2CAP_BLE_EXTFEA_MASK 0

components/bt/host/bluedroid/stack/l2cap/l2c_api.c

@@ -1718,13 +1718,9 @@ BOOLEAN L2CA_ConnectFixedChnl (UINT16 fixed_cid, BD_ADDR rem_bda, tBLE_ADDR_TYPE
             return TRUE;
         }
 
-#if BLE_INCLUDED == TRUE
-        (*l2cb.fixed_reg[fixed_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedConn_Cb)
-        (fixed_cid, p_lcb->remote_bd_addr, TRUE, 0, p_lcb->transport);
-#else
         (*l2cb.fixed_reg[fixed_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedConn_Cb)
-        (fixed_cid, p_lcb->remote_bd_addr, TRUE, 0, BT_TRANSPORT_BR_EDR);
-#endif
+        (fixed_cid, p_lcb->remote_bd_addr, TRUE, 0, transport);
+
         return TRUE;
     }
 

components/bt/host/bluedroid/stack/l2cap/l2c_ble.c

@@ -1113,6 +1113,8 @@ void l2cble_update_data_length(tL2C_LCB *p_lcb)
 void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len, UINT16 rx_data_len)
 {
     tL2C_LCB *p_lcb = l2cu_find_lcb_by_handle(handle);
+    tACL_CONN *p_acl = btm_handle_to_acl(handle);
+    tBTM_LE_SET_PKT_DATA_LENGTH_PARAMS data_length_params;
 
     L2CAP_TRACE_DEBUG("%s TX data len = %d", __FUNCTION__, tx_data_len);
     if (p_lcb == NULL) {
@@ -1123,16 +1125,15 @@ void l2cble_process_data_length_change_event(UINT16 handle, UINT16 tx_data_len,
         p_lcb->tx_data_len = tx_data_len;
     }
 
-    tACL_CONN *p_acl = btm_handle_to_acl(handle);
-    tBTM_LE_SET_PKT_DATA_LENGTH_PARAMS data_length_params;
     data_length_params.rx_len = rx_data_len;
     data_length_params.tx_len = tx_data_len;
-    p_acl->data_length_params = data_length_params;
-    if (p_acl != NULL && p_acl->p_set_pkt_data_cback){
-       (*p_acl->p_set_pkt_data_cback)(BTM_SUCCESS, &data_length_params);
-    }
 
     if(p_acl) {
+        p_acl->data_length_params = data_length_params;
+        if (p_acl->p_set_pkt_data_cback) {
+            (*p_acl->p_set_pkt_data_cback)(BTM_SUCCESS, &data_length_params);
+        }
+
         p_acl->data_len_updating = false;
         if(p_acl->data_len_waiting) {
             p_acl->data_len_waiting = false;

components/bt/host/bluedroid/stack/l2cap/l2c_main.c

@@ -940,8 +940,8 @@ void l2c_process_timeout (TIMER_LIST_ENT *p_tle)
         if (p_lcb){
             p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
             p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PARAM_FULL;
+            l2c_send_update_conn_params_cb(p_lcb, status);
         }
-        l2c_send_update_conn_params_cb(p_lcb, status);
 #endif  ///BLE_INCLUDED == TRUE
         break;
     }