From f21b8bbf557cb5bf8b9ab3f788247dd52ce5d99b Mon Sep 17 00:00:00 2001
From: Renz Christian Bagaporo <renz@espressif.com>
Date: Thu, 16 May 2019 11:51:57 +0800
Subject: [PATCH] esp_event: fix issue with post data preparation

Fixes an issue with post instance data preparation. Currently, there is
no way to check if event data has really been set during handler
execution preparation. When data is not allocated from the heap, user
could have passed 0x0 which can lead to failed checks.

This also implements using the already allocated data memory for posting
events from non-ISR functions when data size is less than the capacity.
---
 components/esp_event/esp_event.c              | 47 +++++++++++++------
 .../private_include/esp_event_internal.h      |  3 +-
 2 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/components/esp_event/esp_event.c b/components/esp_event/esp_event.c
index e89b7e3caa..f9704977d1 100644
--- a/components/esp_event/esp_event.c
+++ b/components/esp_event/esp_event.c
@@ -132,8 +132,18 @@ static void handler_execute(esp_event_loop_instance_t* loop, esp_event_handler_i
 #endif
     // Execute the handler
 #if CONFIG_ESP_EVENT_POST_FROM_ISR
-    (*(handler->handler))(handler->arg, post.base, post.id, post.data_allocd ? post.data.ptr : &post.data.val);
-#else 
+    void* data_ptr = NULL;
+
+    if (post.data_set) {
+        if (post.data_allocated) {
+            data_ptr = post.data.ptr;
+        } else {
+            data_ptr = &post.data.val;
+        }
+    }
+
+    (*(handler->handler))(handler->arg, post.base, post.id, data_ptr);
+#else
     (*(handler->handler))(handler->arg, post.base, post.id, post.data);
 #endif
 
@@ -380,7 +390,7 @@ static void loop_node_remove_all_handler(esp_event_loop_node_t* loop_node)
 static void inline __attribute__((always_inline)) post_instance_delete(esp_event_post_instance_t* post)
 {
 #if CONFIG_ESP_EVENT_POST_FROM_ISR
-    if (post->data_allocd && post->data.ptr) {
+    if (post->data_allocated && post->data.ptr) {
         free(post->data.ptr);
     }
 #else
@@ -740,20 +750,28 @@ esp_err_t esp_event_post_to(esp_event_loop_handle_t event_loop, esp_event_base_t
     esp_event_loop_instance_t* loop = (esp_event_loop_instance_t*) event_loop;
 
     esp_event_post_instance_t post;
-    memset((void*)(&(post.data)), 0, sizeof(post.data));
+    memset((void*)(&post), 0, sizeof(post));
 
     if (event_data != NULL && event_data_size != 0) {
-        // Make persistent copy of event data on heap.
-        void* event_data_copy = calloc(1, event_data_size);
+#if CONFIG_ESP_EVENT_POST_FROM_ISR
+        if(event_data_size > sizeof(post.data.val)) {
+#endif
+            // Make persistent copy of event data on heap.
+            void* event_data_copy = calloc(1, event_data_size);
 
-        if (event_data_copy == NULL) {
-            return ESP_ERR_NO_MEM;
-        }
+            if (event_data_copy == NULL) {
+                return ESP_ERR_NO_MEM;
+            }
 
-        memcpy(event_data_copy, event_data, event_data_size);
+            memcpy(event_data_copy, event_data, event_data_size);
 #if CONFIG_ESP_EVENT_POST_FROM_ISR
-        post.data.ptr = event_data_copy;
-        post.data_allocd = true;
+            post.data.ptr = event_data_copy;
+            post.data_allocated = true;
+        } else {
+            memcpy(&post.data.val, event_data, event_data_size);
+            post.data_allocated = false;
+        }
+        post.data_set = true;
 #else
         post.data = event_data_copy;
 #endif
@@ -816,7 +834,7 @@ esp_err_t esp_event_isr_post_to(esp_event_loop_handle_t event_loop, esp_event_ba
     esp_event_loop_instance_t* loop = (esp_event_loop_instance_t*) event_loop;
 
     esp_event_post_instance_t post;
-    memset((void*)(&(post.data)), 0, sizeof(post.data));
+    memset((void*)(&post), 0, sizeof(post));
 
     if (event_data_size > sizeof(post.data.val)) {
         return ESP_ERR_INVALID_ARG;
@@ -824,7 +842,8 @@ esp_err_t esp_event_isr_post_to(esp_event_loop_handle_t event_loop, esp_event_ba
 
     if (event_data != NULL && event_data_size != 0) {
         memcpy((void*)(&(post.data.val)), event_data, event_data_size);
-        post.data_allocd = false;
+        post.data_allocated = false;
+        post.data_set = true;
     }
     post.base = event_base;
     post.id = event_id;
diff --git a/components/esp_event/private_include/esp_event_internal.h b/components/esp_event/private_include/esp_event_internal.h
index d5bbb7fac1..fb970a8068 100644
--- a/components/esp_event/private_include/esp_event_internal.h
+++ b/components/esp_event/private_include/esp_event_internal.h
@@ -97,7 +97,8 @@ typedef void* esp_event_post_data_t;
 /// Event posted to the event queue
 typedef struct esp_event_post_instance {
 #if CONFIG_ESP_EVENT_POST_FROM_ISR
-    bool data_allocd;                                                /**< indicates whether data is alloc'd */
+    bool data_allocated;                                             /**< indicates whether data is allocated from heap */
+    bool data_set;                                                   /**< indicates if data is null */
 #endif
     esp_event_base_t base;                                           /**< the event base */
     int32_t id;                                                      /**< the event id */
-- 
2.50.1