From 84aeb2823af3143bf15082b232ad0adb4531ff79 Mon Sep 17 00:00:00 2001 From: Yulong Date: Tue, 9 May 2017 03:06:29 -0400 Subject: [PATCH 1/2] component/bt: fix the exception in attp_buil_sr_msg when handling gatt write bug. bug number #12124. --- components/bt/bluedroid/stack/gatt/att_protocol.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/bt/bluedroid/stack/gatt/att_protocol.c b/components/bt/bluedroid/stack/gatt/att_protocol.c index 15bd0b2303..62bb12019c 100644 --- a/components/bt/bluedroid/stack/gatt/att_protocol.c +++ b/components/bt/bluedroid/stack/gatt/att_protocol.c @@ -378,6 +378,10 @@ BT_HDR *attp_build_sr_msg(tGATT_TCB *p_tcb, UINT8 op_code, tGATT_SR_MSG *p_msg) switch (op_code) { case GATT_RSP_READ_BLOB: case GATT_RSP_PREPARE_WRITE: + if (p_msg == NULL) { + GATT_TRACE_ERROR("Invalid prepare write response or read blob response, the rsp_msg can't be NULL."); + return NULL; + } GATT_TRACE_EVENT ("ATT_RSP_READ_BLOB/GATT_RSP_PREPARE_WRITE: len = %d offset = %d", p_msg->attr_value.len, p_msg->attr_value.offset); offset = p_msg->attr_value.offset; From e9dc0115fc3bff52d59acaddfe599837722fa5c8 Mon Sep 17 00:00:00 2001 From: island Date: Fri, 12 May 2017 14:30:33 +0800 Subject: [PATCH 2/2] component/bt: Add parameter check for attp_build_sr_msg function --- .../bt/bluedroid/stack/gatt/att_protocol.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/components/bt/bluedroid/stack/gatt/att_protocol.c b/components/bt/bluedroid/stack/gatt/att_protocol.c index 62bb12019c..28e4a25516 100644 --- a/components/bt/bluedroid/stack/gatt/att_protocol.c +++ b/components/bt/bluedroid/stack/gatt/att_protocol.c @@ -378,10 +378,26 @@ BT_HDR *attp_build_sr_msg(tGATT_TCB *p_tcb, UINT8 op_code, tGATT_SR_MSG *p_msg) switch (op_code) { case GATT_RSP_READ_BLOB: case GATT_RSP_PREPARE_WRITE: + case GATT_RSP_READ_BY_TYPE: + case GATT_RSP_READ: + case GATT_HANDLE_VALUE_NOTIF: + case GATT_HANDLE_VALUE_IND: + case GATT_RSP_ERROR: + case GATT_RSP_MTU: + /* Need to check the validation of parameter p_msg*/ if (p_msg == NULL) { - GATT_TRACE_ERROR("Invalid prepare write response or read blob response, the rsp_msg can't be NULL."); + GATT_TRACE_ERROR("Invalid parameters in %s, op_code=0x%x, the p_msg should not be NULL.", __func__, op_code); return NULL; } + break; + + default: + break; + } + + switch (op_code) { + case GATT_RSP_READ_BLOB: + case GATT_RSP_PREPARE_WRITE: GATT_TRACE_EVENT ("ATT_RSP_READ_BLOB/GATT_RSP_PREPARE_WRITE: len = %d offset = %d", p_msg->attr_value.len, p_msg->attr_value.offset); offset = p_msg->attr_value.offset;