From: baohongde <baohongde@espressif.com>
Date: Fri, 29 Jun 2018 03:40:46 +0000 (+0800)
Subject: component/bt: Fix some bad point calculations of BT GAP
X-Git-Tag: v3.2-beta1~482^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=be8ec6b8d2d48bc03c04e020fd24b85c7df70b5c;p=esp-idf

component/bt: Fix some bad point calculations of BT GAP

In response to: https://github.com/espressif/esp-idf/issues/2103
---

diff --git a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_bt.c b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_bt.c
index a28cd2b722..e6bf5c2808 100644
--- a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_bt.c
+++ b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_bt.c
@@ -151,7 +151,7 @@ static void search_devices_copy_cb(btc_msg_t *msg, void *p_dest, void *p_src)
         switch (p_dest_data->event) {
         case BTA_DM_INQ_RES_EVT: {
             if (p_src_data->p_data->inq_res.p_eir) {
-                p_dest_data->p_data->inq_res.p_eir = (UINT8 *)(p_dest_data->p_data + sizeof(tBTA_DM_SEARCH));
+                p_dest_data->p_data->inq_res.p_eir = (UINT8 *)(p_dest_data->p_data) + sizeof(tBTA_DM_SEARCH);
                 memcpy(p_dest_data->p_data->inq_res.p_eir, p_src_data->p_data->inq_res.p_eir, HCI_EXT_INQ_RESPONSE_LEN);
             }
         }
@@ -159,7 +159,7 @@ static void search_devices_copy_cb(btc_msg_t *msg, void *p_dest, void *p_src)
 
         case BTA_DM_DISC_RES_EVT: {
             if (p_src_data->p_data->disc_res.raw_data_size && p_src_data->p_data->disc_res.p_raw_data) {
-                p_dest_data->p_data->disc_res.p_raw_data = (UINT8 *)(p_dest_data->p_data + sizeof(tBTA_DM_SEARCH));
+                p_dest_data->p_data->disc_res.p_raw_data = (UINT8 *)(p_dest_data->p_data) + sizeof(tBTA_DM_SEARCH);
                 memcpy(p_dest_data->p_data->disc_res.p_raw_data,
                        p_src_data->p_data->disc_res.p_raw_data,
                        p_src_data->p_data->disc_res.raw_data_size);
@@ -194,7 +194,7 @@ static void search_service_record_copy_cb(btc_msg_t *msg, void *p_dest, void *p_
         switch (p_dest_data->event) {
         case BTA_DM_DISC_RES_EVT: {
             if (p_src_data->p_data->disc_res.p_raw_data && p_src_data->p_data->disc_res.raw_data_size > 0) {
-                p_dest_data->p_data->disc_res.p_raw_data = (UINT8 *)(p_dest_data->p_data + sizeof(tBTA_DM_SEARCH));
+                p_dest_data->p_data->disc_res.p_raw_data = (UINT8 *)(p_dest_data->p_data) + sizeof(tBTA_DM_SEARCH);
                 memcpy(p_dest_data->p_data->disc_res.p_raw_data,
                        p_src_data->p_data->disc_res.p_raw_data,
                        p_src_data->p_data->disc_res.raw_data_size);
@@ -566,7 +566,7 @@ static void search_services_copy_cb(btc_msg_t *msg, void *p_dest, void *p_src)
         case BTA_DM_DISC_RES_EVT: {
             if (p_src_data->p_data->disc_res.result == BTA_SUCCESS) {
                 if (p_src_data->p_data->disc_res.num_uuids > 0) {
-                    p_dest_data->p_data->disc_res.p_uuid_list = (UINT8 *)(p_dest_data->p_data + sizeof(tBTA_DM_SEARCH));
+                    p_dest_data->p_data->disc_res.p_uuid_list = (UINT8 *)(p_dest_data->p_data) + sizeof(tBTA_DM_SEARCH);
                     memcpy(p_dest_data->p_data->disc_res.p_uuid_list, p_src_data->p_data->disc_res.p_uuid_list,
                            p_src_data->p_data->disc_res.num_uuids * MAX_UUID_SIZE);
                     osi_free(p_src_data->p_data->disc_res.p_uuid_list);