p_rcb && p_cb->rcb[p_srvc_cb->rcb_idx].p_cback) {
cb_data.req_data.status = status;
cb_data.req_data.conn_id = p_msg->api_indicate.hdr.layer_specific;
+ cb_data.req_data.value = NULL;
+ cb_data.req_data.data_len = 0;
cb_data.req_data.handle = p_msg->api_indicate.attr_id;
- cb_data.req_data.value = (uint8_t *)osi_malloc(p_msg->api_indicate.len);
- if (cb_data.req_data.value != NULL){
- memset(cb_data.req_data.value, 0, p_msg->api_indicate.len);
- cb_data.req_data.data_len = p_msg->api_indicate.len;
- memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len);
- }else{
- cb_data.req_data.data_len = 0;
- APPL_TRACE_ERROR("%s, malloc failed", __func__);
+ if (p_msg->api_indicate.value && (p_msg->api_indicate.len > 0)) {
+ cb_data.req_data.value = (uint8_t *) osi_malloc(p_msg->api_indicate.len);
+ if (cb_data.req_data.value != NULL) {
+ memset(cb_data.req_data.value, 0, p_msg->api_indicate.len);
+ cb_data.req_data.data_len = p_msg->api_indicate.len;
+ memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len);
+ } else {
+ APPL_TRACE_ERROR("%s, malloc failed", __func__);
+ }
+ } else {
+ if (p_msg->api_indicate.value) {
+ APPL_TRACE_ERROR("%s, incorrect length", __func__);
+ } else {
+ APPL_TRACE_WARNING("%s, NULL value", __func__);
+ }
}
(*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);
if (cb_data.req_data.value != NULL) {
switch (msg->act) {
case BTC_GATTS_ACT_SEND_INDICATE: {
- dst->send_ind.value = (uint8_t *)osi_malloc(src->send_ind.value_len);
- if (dst->send_ind.value) {
- memcpy(dst->send_ind.value, src->send_ind.value, src->send_ind.value_len);
+ if (src->send_ind.value && (src->send_ind.value_len > 0)) {
+ dst->send_ind.value = (uint8_t *) osi_malloc(src->send_ind.value_len);
+ if (dst->send_ind.value) {
+ memcpy(dst->send_ind.value, src->send_ind.value, src->send_ind.value_len);
+ } else {
+ BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
+ }
} else {
- BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
+ dst->send_ind.value = NULL;
+ if (src->send_ind.value) {
+ BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
+ } else {
+ BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
+ }
}
break;
}
case BTC_GATTS_ACT_SEND_RESPONSE: {
if (src->send_rsp.rsp) {
- dst->send_rsp.rsp = (esp_gatt_rsp_t *)osi_malloc(sizeof(esp_gatt_rsp_t));
+ dst->send_rsp.rsp = (esp_gatt_rsp_t *) osi_malloc(sizeof(esp_gatt_rsp_t));
if (dst->send_rsp.rsp) {
memcpy(dst->send_rsp.rsp, src->send_rsp.rsp, sizeof(esp_gatt_rsp_t));
} else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
}
+ } else {
+ BTC_TRACE_WARNING("%s %d, NULL response", __func__, msg->act);
}
break;
}
- case BTC_GATTS_ACT_ADD_CHAR:{
- if (src->add_char.char_val.attr_value != NULL){
- dst->add_char.char_val.attr_value = (uint8_t *)osi_malloc(src->add_char.char_val.attr_len);
- if(dst->add_char.char_val.attr_value != NULL){
+ case BTC_GATTS_ACT_ADD_CHAR: {
+ if (src->add_char.char_val.attr_value && (src->add_char.char_val.attr_len > 0)) {
+ dst->add_char.char_val.attr_value = (uint8_t *) osi_malloc(src->add_char.char_val.attr_len);
+ if (dst->add_char.char_val.attr_value) {
memcpy(dst->add_char.char_val.attr_value, src->add_char.char_val.attr_value,
src->add_char.char_val.attr_len);
- }else{
+ } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
}
+ } else {
+ dst->add_char.char_val.attr_value = NULL;
+ if (src->add_char.char_val.attr_value) {
+ BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
+ } else {
+ BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
+ }
}
break;
}
- case BTC_GATTS_ACT_ADD_CHAR_DESCR:{
- if(src->add_descr.descr_val.attr_value != NULL){
- dst->add_descr.descr_val.attr_value = (uint8_t *)osi_malloc(src->add_descr.descr_val.attr_len);
- if(dst->add_descr.descr_val.attr_value != NULL){
+ case BTC_GATTS_ACT_ADD_CHAR_DESCR: {
+ if (src->add_descr.descr_val.attr_value && (src->add_descr.descr_val.attr_len > 0)) {
+ dst->add_descr.descr_val.attr_value = (uint8_t *) osi_malloc(src->add_descr.descr_val.attr_len);
+ if (dst->add_descr.descr_val.attr_value) {
memcpy(dst->add_descr.descr_val.attr_value, src->add_descr.descr_val.attr_value,
src->add_descr.descr_val.attr_len);
- }else{
+ } else {
BTC_TRACE_ERROR("%s %d no mem\n", __func__, msg->act);
}
+ } else {
+ dst->add_descr.descr_val.attr_value = NULL;
+ if (src->add_descr.descr_val.attr_value) {
+ BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
+ } else {
+ BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
+ }
}
break;
}
- case BTC_GATTS_ACT_CREATE_ATTR_TAB:{
+ case BTC_GATTS_ACT_CREATE_ATTR_TAB: {
uint8_t num_attr = src->create_attr_tab.max_nb_attr;
- if(src->create_attr_tab.gatts_attr_db != NULL){
- dst->create_attr_tab.gatts_attr_db = (esp_gatts_attr_db_t *)osi_malloc(sizeof(esp_gatts_attr_db_t)*num_attr);
- if(dst->create_attr_tab.gatts_attr_db != NULL){
+ if (src->create_attr_tab.gatts_attr_db && (num_attr > 0)) {
+ dst->create_attr_tab.gatts_attr_db = (esp_gatts_attr_db_t *) osi_malloc(sizeof(esp_gatts_attr_db_t) * num_attr);
+ if (dst->create_attr_tab.gatts_attr_db) {
memcpy(dst->create_attr_tab.gatts_attr_db, src->create_attr_tab.gatts_attr_db,
- sizeof(esp_gatts_attr_db_t)*num_attr);
- }else{
+ sizeof(esp_gatts_attr_db_t) * num_attr);
+ } else {
BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act);
}
+ } else {
+ BTC_TRACE_ERROR("%s %d, NULL data", __func__, msg->act);
}
break;
}
- case BTC_GATTS_ACT_SET_ATTR_VALUE:{
- uint16_t len = src->set_attr_val.length;
- if(src->set_attr_val.value){
- dst->set_attr_val.value = (uint8_t *)osi_malloc(len);
- if(dst->set_attr_val.value != NULL){
- memcpy(dst->set_attr_val.value, src->set_attr_val.value, len);
- }else{
+ case BTC_GATTS_ACT_SET_ATTR_VALUE: {
+ if (src->set_attr_val.value && (src->set_attr_val.length > 0)) {
+ dst->set_attr_val.value = (uint8_t *) osi_malloc(src->set_attr_val.length);
+ if (dst->set_attr_val.value) {
+ memcpy(dst->set_attr_val.value, src->set_attr_val.value, src->set_attr_val.length);
+ } else {
BTC_TRACE_ERROR("%s %d no mem\n",__func__, msg->act);
}
+ } else {
+ dst->set_attr_val.value = NULL;
+ if (src->set_attr_val.value) {
+ BTC_TRACE_ERROR("%s %d, invalid length", __func__, msg->act);
+ } else {
+ BTC_TRACE_WARNING("%s %d, NULL value", __func__, msg->act);
+ }
}
break;
}
projects / esp-idf / commitdiff