diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
index 2ee7bdb09d..9a270d80fa 100644
--- a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
+++ b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
@@ -1472,6 +1472,9 @@ static void bta_gattc_pop_command_to_send(tBTA_GATTC_CLCB *p_clcb)
 if (p_data != NULL) {
 /* execute pending operation of link block still present */
 if (l2cu_find_lcb_by_bd_addr(p_clcb->p_srcb->server_bda, BT_TRANSPORT_LE) != NULL) {
+ if (p_data->hdr.event == BTA_GATTC_API_WRITE_EVT) {
+ APPL_TRACE_ERROR("%s(), p_data = %d", __func__, p_data->api_write.p_value[0]);
+ }
 // The data to be sent to the gattc state machine for processing
 if(bta_gattc_sm_execute(p_clcb, p_data->hdr.event, p_data)) {
 list_remove(p_clcb->p_cmd_list, (void *)p_data);
@@ -1491,6 +1494,7 @@ static void bta_gattc_pop_command_to_send(tBTA_GATTC_CLCB *p_clcb)
 *******************************************************************************/
 void bta_gattc_free_command_data(tBTA_GATTC_CLCB *p_clcb)
 {
+ assert(p_clcb->p_cmd_list);
 //Check the list is empty or not.
 if (!list_is_empty(p_clcb->p_cmd_list)) {
 /* Traversal the command queue, check the p_q_cmd is point to the queue data or not, if the p_q_cmd point to the
diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c b/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c
index 425440ae5b..75924882bc 100644
--- a/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c
+++ b/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c
@@ -48,6 +48,8 @@ static const UINT8 base_uuid[LEN_UUID_128] = {0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x0
 static const BD_ADDR dummy_bda = {0, 0, 0, 0, 0, 0};
+#define GATTC_COMMAND_QUEUE_SIZE_MAX 30
+
 /*******************************************************************************
 **
 ** Function bta_gatt_convert_uuid16_to_uuid128
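Review bot: The added trace in bta_gattc_pop_command_to_send reads `p_data->api_write.p_value[0]` without checking `p_data->api_write.len` or the pointer, so a queued write with a zero-length value reads a byte that was never copied, and a NULL value pointer is dereferenced. It also prints a byte of the GATT write payload at error level for every dequeued write, which looks like leftover debugging; payload bytes can be sensitive and error-level traces are usually kept in release builds. I would drop the block or reduce it to `APPL_TRACE_DEBUG("%s(), write len = %d", __func__, p_data->api_write.len);`. The function body starts and ends outside the hunk.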
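Review bot: `assert(p_clcb->p_cmd_list)` in bta_gattc_free_command_data turns a missing command list into a device abort, and it compiles to nothing when NDEBUG is defined, leaving `list_is_empty()` to receive the NULL pointer. bta_gattc_enqueue in this same commit treats a NULL `p_cmd_list` as a reachable state (`else if (p_clcb->p_cmd_list)`), so the cleanup path should probably tolerate it as well: `if (p_clcb == NULL || p_clcb->p_cmd_list == NULL) { return; }`. If the list can never be NULL at this point, a comment naming where it is allocated would justify keeping the assert. The function continues past the end of the hunk.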
@@ -452,13 +454,28 @@ BOOLEAN bta_gattc_enqueue(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 return FALSE;
 } else if (p_clcb->p_cmd_list) {
- void *cmd_data = osi_malloc(sizeof(tBTA_GATTC_DATA));
- if (cmd_data) {
+ UINT16 len = 0;
+ tBTA_GATTC_DATA *cmd_data = NULL;
+ if (list_length(p_clcb->p_cmd_list) >= GATTC_COMMAND_QUEUE_SIZE_MAX) {
+ //APPL_TRACE_ERROR("%s(), the gattc command queue is full." __func__);
+ return FALSE;
+ }
+
+ if (p_data->hdr.event == BTA_GATTC_API_WRITE_EVT) {
+ len = p_data->api_write.len;
+ cmd_data = (tBTA_GATTC_DATA *)osi_malloc(sizeof(tBTA_GATTC_DATA) + len);
+
+ cmd_data->api_write.p_value = (UINT8 *)(cmd_data + 1);
+ memcpy(cmd_data, p_data, sizeof(tBTA_GATTC_DATA));
+ memcpy(cmd_data->api_write.p_value, p_data->api_write.p_value, len);
+ } else {
+ cmd_data = (tBTA_GATTC_DATA *)osi_malloc(sizeof(tBTA_GATTC_DATA));
 memset(cmd_data, 0, sizeof(tBTA_GATTC_DATA));
 memcpy(cmd_data, p_data, sizeof(tBTA_GATTC_DATA));
- //store the command to the command list.
- list_append(p_clcb->p_cmd_list, cmd_data);
 }
+
+ //store the command to the command list.
+ list_append(p_clcb->p_cmd_list, (void *)cmd_data);
 return FALSE;
 }
diff --git a/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c b/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c
index 37f17fcca2..0d9ce7cd05 100644
--- a/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c
+++ b/components/bt/bluedroid/btc/profile/std/gatt/btc_gattc.c
@@ -251,7 +251,7 @@ static void btc_gattc_fill_gatt_db_conversion(uint16_t count, uint16_t num, esp_
 }
 case ESP_GATT_DB_DESCRIPTOR: {
 esp_gattc_descr_elem_t *descr_result = (esp_gattc_descr_elem_t *)result;
- for (int i = 0; i < (num - offset); i++) {
+ for (int i = 0; i < db_size; i++) {
 descr_result->handle = db[offset + i].attribute_handle;
 btc128_to_bta_uuid(&bta_uuid, db[offset + i].uuid.uu);
 bta_to_btc_uuid(&descr_result->uuid, &bta_uuid);
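Review bot: In the write branch of bta_gattc_enqueue, `cmd_data->api_write.p_value` is pointed at the trailing buffer before `memcpy(cmd_data, p_data, sizeof(tBTA_GATTC_DATA))`, and that struct copy overwrites it with the caller's pointer again. The following memcpy then has identical source and destination, and the queued command keeps referencing the caller's buffer, which may be freed or reused before the command is dequeued. Both branches also lost the `if (cmd_data)` check the old code had, so a failed `osi_malloc` is dereferenced immediately. The fence reorders the copy and restores the NULL checks. Separately, the queue-full path returns FALSE with its trace commented out (that line is also missing the comma before `__func__`), so a dropped command leaves no record. The function starts before the hunk.

```c
    if (p_data->hdr.event == BTA_GATTC_API_WRITE_EVT) {
        len = p_data->api_write.len;
        cmd_data = (tBTA_GATTC_DATA *)osi_malloc(sizeof(tBTA_GATTC_DATA) + len);
        if (cmd_data == NULL) {
            return FALSE;
        }
        memcpy(cmd_data, p_data, sizeof(tBTA_GATTC_DATA));
        /* Repoint only after the struct copy; the copy would otherwise
         * restore the caller's p_value and the queue entry would alias it. */
        cmd_data->api_write.p_value = (UINT8 *)(cmd_data + 1);
        if (len > 0 && p_data->api_write.p_value != NULL) {
            memcpy(cmd_data->api_write.p_value, p_data->api_write.p_value, len);
        }
    } else {
        cmd_data = (tBTA_GATTC_DATA *)osi_malloc(sizeof(tBTA_GATTC_DATA));
        if (cmd_data == NULL) {
            return FALSE;
        }
        memcpy(cmd_data, p_data, sizeof(tBTA_GATTC_DATA));
    }
    // … unchanged: list_append of cmd_data and return FALSE …
```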
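Review bot: The new bound `i < db_size` in the ESP_GATT_DB_DESCRIPTOR case still indexes `db[offset + i]`, and `db_size` is computed outside this hunk, so the hunk alone does not show that `offset + db_size` stays within the entries of `db` or that `result` has room for `db_size` elements. I would add a comment above the loop stating that invariant, for example `/* db_size entries starting at offset; bounded against num and the result buffer above */`, and confirm the other cases of the switch use the same bound. `i` is a signed int compared with what is presumably an unsigned 16-bit count; declaring it `uint16_t i` would avoid the mixed comparison. The function body extends beyond the hunk on both sides.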