Merge branch 'feat/support_blecrt_242' into 'master'

fix(bt/bluedroid): Fixed access fault when reading BLE controller information fails

Closes BLERP-1019 and BLERP-1020

See merge request espressif/esp-idf!33406

components/bt/host/bluedroid/api/include/api/esp_gatts_api.h

@@ -242,6 +242,7 @@ typedef union {
      */
     struct gatts_rsp_evt_param {
         esp_gatt_status_t status;       /*!< Operation status */
+        uint16_t conn_id;               /*!< Connection id */
         uint16_t handle;                /*!< Attribute handle which send response */
     } rsp;                              /*!< Gatt server callback param of ESP_GATTS_RESPONSE_EVT */
 

components/bt/host/bluedroid/btc/profile/std/gatt/btc_gatts.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -469,7 +469,7 @@ static esp_gatt_status_t btc_gatts_check_valid_attr_tab(esp_gatts_attr_db_t *gat
                 if(gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_16 &&
                    gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_32 &&
                    gatts_attr_db[i+1].att_desc.uuid_length != ESP_UUID_LEN_128) {
-                    BTC_TRACE_ERROR("%s, The Charateristic uuid length = %d is invalid", __func__,\
+                    BTC_TRACE_ERROR("%s, The Characteristic uuid length = %d is invalid", __func__,\
                         gatts_attr_db[i+1].att_desc.uuid_length);
                     return ESP_GATT_INVALID_ATTR_LEN;
                 }
@@ -481,7 +481,7 @@ static esp_gatt_status_t btc_gatts_check_valid_attr_tab(esp_gatts_attr_db_t *gat
                         uuid == ESP_GATT_UUID_CHAR_SRVR_CONFIG || uuid == ESP_GATT_UUID_CHAR_PRESENT_FORMAT ||
                         uuid == ESP_GATT_UUID_CHAR_AGG_FORMAT || uuid == ESP_GATT_UUID_CHAR_VALID_RANGE ||
                         uuid == ESP_GATT_UUID_EXT_RPT_REF_DESCR || uuid == ESP_GATT_UUID_RPT_REF_DESCR) {
-                        BTC_TRACE_ERROR("%s, The charateristic value uuid = %d is invalid", __func__, uuid);
+                        BTC_TRACE_ERROR("%s, The characteristic value uuid = %d is invalid", __func__, uuid);
                         return ESP_GATT_INVALID_PDU;
                     }
                 }
@@ -694,6 +694,7 @@ void btc_gatts_call_handler(btc_msg_t *msg)
         }
 
         param.rsp.status = 0;
+        param.rsp.conn_id = BTC_GATT_GET_CONN_ID(arg->send_rsp.conn_id);
         btc_gatts_cb_to_app(ESP_GATTS_RESPONSE_EVT, BTC_GATT_GET_GATT_IF(arg->send_rsp.conn_id), &param);
         break;
     }

components/bt/host/bluedroid/device/controller.c

@@ -269,7 +269,7 @@ static void start_up(void)
 #endif //#if (BLE_50_FEATURE_SUPPORT == TRUE)
 
 #if (BLE_50_FEATURE_SUPPORT == TRUE && BLE_42_FEATURE_SUPPORT == FALSE)
-        if (HCI_LE_ENHANCED_PRIVACY_SUPPORTED(controller_param.features_ble.as_array)) {
+        if (HCI_LE_EXT_ADV_SUPPORTED(controller_param.features_ble.as_array)) {
             response = AWAIT_COMMAND(controller_param.packet_factory->make_read_max_adv_data_len());
             controller_param.packet_parser->parse_ble_read_adv_max_len_response(
                 response,

components/bt/host/bluedroid/hci/hci_packet_parser.c

@@ -186,7 +186,9 @@ static void parse_ble_read_resolving_list_size_response(
 {
 
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_RESOLVING_LIST_SIZE, 1 /* bytes after */);
-    STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
+    if (stream) {
+        STREAM_TO_UINT8(*resolving_list_size_ptr, stream);
+    }
 
     osi_free(response);
 }
@@ -198,19 +200,25 @@ static void parse_ble_read_suggested_default_data_length_response(
 {
 
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_READ_DEFAULT_DATA_LENGTH, 2 /* bytes after */);
-    STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
-    STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
+    if (stream) {
+        STREAM_TO_UINT16(*ble_default_packet_length_ptr, stream);
+        STREAM_TO_UINT16(*ble_default_packet_txtime_ptr, stream);
+    }
+
     osi_free(response);
 }
+
 #if (BLE_50_FEATURE_SUPPORT == TRUE)
 static void parse_ble_read_adv_max_len_response(
     BT_HDR *response,
     uint16_t *adv_max_len_ptr)
 {
 
     uint8_t *stream = read_command_complete_header(response, HCI_BLE_RD_MAX_ADV_DATA_LEN, 1 /* bytes after */);
-    // Size: 2 Octets ; Value: 0x001F – 0x0672 ; Maximum supported advertising data length
-    STREAM_TO_UINT16(*adv_max_len_ptr, stream);
+    if (stream) {
+        // Size: 2 Octets ; Value: 0x001F – 0x0672 ; Maximum supported advertising data length
+        STREAM_TO_UINT16(*adv_max_len_ptr, stream);
+    }
 
     osi_free(response);
 }
@@ -254,6 +262,7 @@ static uint8_t *read_command_complete_header(
     STREAM_TO_UINT8(status, stream);
 
     if (status != HCI_SUCCESS) {
+        HCI_TRACE_ERROR("%s failed: opcode 0x%04x, status 0x%02x", __func__, opcode, status);
         return NULL;
     }
 

components/bt/host/bluedroid/stack/include/stack/hcidefs.h

@@ -1871,42 +1871,50 @@ typedef struct {
 #define HCI_PING_SUPPORTED(x) ((x)[HCI_EXT_FEATURE_PING_OFF] & HCI_EXT_FEATURE_PING_MASK)
 
 /*
-**   LE features encoding - page 0 (the only page for now)
+**   LE features encoding - page 0
 */
-/* LE Encryption */
+/* LE Encryption: bit 0 */
 #define HCI_LE_FEATURE_LE_ENCRYPTION_MASK       0x01
 #define HCI_LE_FEATURE_LE_ENCRYPTION_OFF        0
 #define HCI_LE_ENCRYPTION_SUPPORTED(x) ((x)[HCI_LE_FEATURE_LE_ENCRYPTION_OFF] & HCI_LE_FEATURE_LE_ENCRYPTION_MASK)
 
-/* Connection Parameters Request Procedure */
+/* Connection Parameters Request Procedure: bit 1 */
 #define HCI_LE_FEATURE_CONN_PARAM_REQ_MASK       0x02
 #define HCI_LE_FEATURE_CONN_PARAM_REQ_OFF        0
 #define HCI_LE_CONN_PARAM_REQ_SUPPORTED(x) ((x)[HCI_LE_FEATURE_CONN_PARAM_REQ_OFF] & HCI_LE_FEATURE_CONN_PARAM_REQ_MASK)
 
-/* Extended Reject Indication */
+/* Extended Reject Indication: bit 2 */
 #define HCI_LE_FEATURE_EXT_REJ_IND_MASK       0x04
 #define HCI_LE_FEATURE_EXT_REJ_IND_OFF        0
 #define HCI_LE_EXT_REJ_IND_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_REJ_IND_OFF] & HCI_LE_FEATURE_EXT_REJ_IND_MASK)
 
-/* Slave-initiated Features Exchange */
+/* Slave-initiated Features Exchange: bit 3 */
 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK       0x08
 #define HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF        0
 #define HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(x) ((x)[HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_OFF] & HCI_LE_FEATURE_SLAVE_INIT_FEAT_EXC_MASK)
 
+/* LE Data Packet Length Extension: bit 5 */
+#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK       0x20
+#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF        0
+#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
+
 /* Enhanced privacy Feature: bit 6 */
 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK       0x40
 #define HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF        0
 #define HCI_LE_ENHANCED_PRIVACY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_ENHANCED_PRIVACY_OFF] & HCI_LE_FEATURE_ENHANCED_PRIVACY_MASK)
 
-/* Extended scanner filter policy : 7 */
+/* Extended scanner filter policy: bit 7 */
 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK       0x80
 #define HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF        0
 #define HCI_LE_EXT_SCAN_FILTER_POLICY_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_OFF] & HCI_LE_FEATURE_EXT_SCAN_FILTER_POLICY_MASK)
 
-/* Slave-initiated Features Exchange */
-#define HCI_LE_FEATURE_DATA_LEN_EXT_MASK       0x20
-#define HCI_LE_FEATURE_DATA_LEN_EXT_OFF        0
-#define HCI_LE_DATA_LEN_EXT_SUPPORTED(x) ((x)[HCI_LE_FEATURE_DATA_LEN_EXT_OFF] & HCI_LE_FEATURE_DATA_LEN_EXT_MASK)
+/*
+**   LE features encoding - page 1
+*/
+/* LE Extended Advertising: bit 12 */
+#define HCI_LE_FEATURE_EXT_ADV_MASK       0x10
+#define HCI_LE_FEATURE_EXT_ADV_OFF        1
+#define HCI_LE_EXT_ADV_SUPPORTED(x) ((x)[HCI_LE_FEATURE_EXT_ADV_OFF] & HCI_LE_FEATURE_EXT_ADV_MASK)
 
 /*
 **   Local Supported Commands encoding