]> granicus.if.org Git - esp-idf/commitdiff
component/bt:fixed the write ccc crash bug error
authorYulong <huangyulong@espressif.com>
Mon, 20 Feb 2017 13:50:02 +0000 (08:50 -0500)
committerYulong <huangyulong@espressif.com>
Mon, 20 Feb 2017 13:50:02 +0000 (08:50 -0500)
components/bt/bluedroid/stack/gatt/gatt_db.c

index 03919d483c31d407a1957c5ab13df62718dbe16e..bb9bfc5f72d603fd8ccb278e2d2bb5f5a43b1d72 100644 (file)
@@ -597,11 +597,14 @@ UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
             }
             p_char_dscptr->p_value->attr_val.attr_len = attr_val->attr_len;
             p_char_dscptr->p_value->attr_val.attr_max_len  = attr_val->attr_max_len;
-            if (attr_val->attr_val != NULL) {
+            if (attr_val->attr_max_len != 0) {
                 p_char_dscptr->p_value->attr_val.attr_val = GKI_getbuf(attr_val->attr_max_len);
                 if (p_char_dscptr->p_value->attr_val.attr_val != NULL) {
                     memset(p_char_dscptr->p_value->attr_val.attr_val, 0, attr_val->attr_max_len);
-                    memcpy(p_char_dscptr->p_value->attr_val.attr_val, attr_val->attr_val, attr_val->attr_len);
+                    if(attr_val->attr_val != NULL) {
+                        memcpy(p_char_dscptr->p_value->attr_val.attr_val, 
+                               attr_val->attr_val, attr_val->attr_len);
+                    }
                 }
             }
         }
@@ -873,7 +876,7 @@ tGATT_STATUS gatts_write_attr_value_by_handle(tGATT_SVC_DB *p_db,
                 }
 
                 if (p_attr->p_value != NULL && (p_attr->p_value->attr_val.attr_max_len >=
-                                                offset + len)) {
+                                                offset + len) && p_attr->p_value->attr_val.attr_val != NULL) {
                     memcpy(p_attr->p_value->attr_val.attr_val + offset, p_value, len);
                     p_attr->p_value->attr_val.attr_len = len + offset;
                     return GATT_SUCCESS;