components/bt: Fix a probable memory leak for BTA_GATTS_CONF_EVT event
authorHrishikesh Dhayagude <hrishi@espressif.com>
Wed, 8 Aug 2018 08:46:03 +0000 (14:16 +0530)
committerbot <bot@espressif.com>
Sat, 25 Aug 2018 16:26:37 +0000 (16:26 +0000)
Multiple modules register their callbacks using BTA_GATTS_AppRegister().

If any of the callbacks do not free the allocated pointer in
BTA_GATTS_CONF_EVT event, then this can result in memory leak.

So, free the pointer after the callback function is called and remove
the calls to free in the callback functions as it is now not required

Signed-off-by: Hrishikesh Dhayagude <hrishi@espressif.com>
components/bt/bluedroid/bta/gatt/bta_gatts_act.c
components/bt/bluedroid/btc/profile/esp/blufi/blufi_prf.c
components/bt/bluedroid/btc/profile/std/gatt/btc_gatts.c

index c72cd6328708d3894835d3af923f8ae995e3198f..cf3bb5dbd298d41e4dad4c34b214687a2491f8f5 100644 (file)
@@ -702,6 +702,10 @@ void bta_gatts_indicate_handle (tBTA_GATTS_CB *p_cb, tBTA_GATTS_DATA *p_msg)
                 APPL_TRACE_ERROR("%s, malloc failed", __func__);
             }
             (*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);
+            if (cb_data.req_data.value != NULL) {
+                osi_free(cb_data.req_data.value);
+                cb_data.req_data.value = NULL;
+            }
         }
     } else {
         APPL_TRACE_ERROR("Not an registered servce attribute ID: 0x%04x",
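Review bot: Freeing `cb_data.req_data.value` right after `(*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);` changes who owns that buffer for every callback registered through BTA_GATTS_AppRegister(), and nothing at the call site records the new contract. A callback that still frees the pointer now causes a double free, and one that keeps or forwards it past its return would read freed memory; that could happen if `p_data` is shallow-copied into a message for another task, which may be the case around `btc_gatts_cb_param_copy_free` in btc_gatts.c, whose copy side is not visible here. I would document the rule above the call, e.g. `/* req_data.value is owned by BTA and freed once the callback returns; callbacks must copy it to keep it and must never free it */`, and confirm that every registered callback follows it, including any outside these three files. The body of bta_gatts_indicate_handle starts and ends outside this hunk, so how `value` is allocated cannot be checked from here.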
index 3bfa6afbc8d378fc999bc0e171a306b9cc9c76ba..56be5fb61bd754dfe2431189b5385878262e3a10 100644 (file)
@@ -209,10 +209,7 @@ static void blufi_profile_cb(tBTA_GATTS_EVT event, tBTA_GATTS *p_data)
         blufi_env.frag_size = p_data->req_data.p_data->mtu - BLUFI_MTU_RESERVED_SIZE;
         break;
     case BTA_GATTS_CONF_EVT:
-        BLUFI_TRACE_DEBUG("CONIRM EVT\n");
-        if (p_data && p_data->req_data.value){
-            osi_free(p_data->req_data.value);
-        }
+        BLUFI_TRACE_DEBUG("CONFIRM EVT\n");
         /* Nothing */
         break;
     case BTA_GATTS_CREATE_EVT:
index fc043914eb0ceb6235f014aade5b7a9b74d7d926..bfe9cc04ea34d36df42b205d7ebcb8ab8b1600d7 100644 (file)
@@ -530,9 +530,6 @@ static void btc_gatts_cb_param_copy_free(btc_msg_t *msg, tBTA_GATTS *p_data)
         }
         break;
     case BTA_GATTS_CONF_EVT:
-        if (p_data && p_data->req_data.value){
-            osi_free(p_data->req_data.value);
-        }
         break;
     default:
         break;