Inicio Explorar Ayuda
Iniciar sesión
RT-Thread-packages
/
esp-idf
espejo de https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

Merge branch 'bugfix/btdm_fix_set_attr_value_crash_when_length_is_0' into 'master'

component/bt: fix crash when the length of attr value set zero

See merge request !1397

Jiang Jiang Jian hace 8 años
padre
90be957af1 520b3340f6
commit
a0ad3ff008
Se han modificado 2 ficheros con 5 adiciones y 1 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2 0
      components/bt/bluedroid/bta/gatt/bta_gatts_api.c
  2. 3 1
      components/bt/bluedroid/stack/gatt/gatt_api.c

+ 2 - 0
components/bt/bluedroid/bta/gatt/bta_gatts_api.c
Ver fichero 

@@ -474,8 +474,10 @@ void BTA_GATTS_SendRsp (UINT16 conn_id, UINT32 trans_id,
 
 void BTA_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *value)
 
 {
 
     tBTA_GATTS_API_SET_ATTR_VAL *p_buf;
 
+    UINT16  len = sizeof(tBTA_GATTS_API_SET_ATTR_VAL);
 
     if((p_buf = (tBTA_GATTS_API_SET_ATTR_VAL *)osi_malloc(
 
                     sizeof(tBTA_GATTS_API_SET_ATTR_VAL))) != NULL){
 
+        memset(p_buf, 0, len);
 
         p_buf->hdr.event = BTA_GATTS_API_SET_ATTR_VAL_EVT;
 
         p_buf->hdr.layer_specific = attr_handle;
 
         p_buf->length = length;

+ 3 - 1
components/bt/bluedroid/stack/gatt/gatt_api.c
Ver fichero 

@@ -723,7 +723,9 @@ tGATT_STATUS GATTS_SetAttributeValue(UINT16 attr_handle, UINT16 length, UINT8 *v
 
 
     GATT_TRACE_DEBUG("GATTS_SetAttributeValue: attr_handle: %u  length: %u \n",
 
                     attr_handle, length);
 
-
 
+    if (length <= 0){
 
+        return GATT_INVALID_ATTR_LEN;
 
+    }
 
     if ((p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle)) == NULL) {
 
         GATT_TRACE_DEBUG("Service not created\n"); 
         return GATT_INVALID_HANDLE;