mirror of
https://github.com/bluekitchen/btstack.git
synced 2025-03-29 22:20:37 +00:00
hci: fix null dereference in hci_send_cmd_packet when hci connection table is full
This commit is contained in:
parent
41d0c87b0d
commit
2deddeced7
12
src/hci.c
12
src/hci.c
@ -83,7 +83,7 @@ static void hci_connection_timestamp(hci_connection_t *connection);
|
||||
static int hci_power_control_on(void);
|
||||
static void hci_power_control_off(void);
|
||||
static void hci_state_reset(void);
|
||||
static void hci_emit_connection_complete(hci_connection_t *conn, uint8_t status);
|
||||
static void hci_emit_connection_complete(bd_addr_t address, hci_con_handle_t con_handle, uint8_t status);
|
||||
static void hci_emit_l2cap_check_timeout(hci_connection_t *conn);
|
||||
static void hci_emit_disconnection_complete(hci_con_handle_t con_handle, uint8_t reason);
|
||||
static void hci_emit_nr_connections_changed(void);
|
||||
@ -2807,7 +2807,7 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
|
||||
conn = create_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_CLASSIC);
|
||||
if (!conn){
|
||||
// notify client that alloc failed
|
||||
hci_emit_connection_complete(conn, BTSTACK_MEMORY_ALLOC_FAILED);
|
||||
hci_emit_connection_complete(addr, 0, BTSTACK_MEMORY_ALLOC_FAILED);
|
||||
return 0; // don't sent packet to controller
|
||||
}
|
||||
conn->state = SEND_CREATE_CONNECTION;
|
||||
@ -2817,7 +2817,7 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
|
||||
// if connection active exists
|
||||
case OPEN:
|
||||
// and OPEN, emit connection complete command, don't send to controller
|
||||
hci_emit_connection_complete(conn, 0);
|
||||
hci_emit_connection_complete(addr, 0, 0);
|
||||
return 0;
|
||||
case SEND_CREATE_CONNECTION:
|
||||
// connection created by hci, e.g. dedicated bonding
|
||||
@ -3010,13 +3010,13 @@ void hci_emit_state(void){
|
||||
hci_emit_event(event, sizeof(event), 1);
|
||||
}
|
||||
|
||||
static void hci_emit_connection_complete(hci_connection_t *conn, uint8_t status){
|
||||
static void hci_emit_connection_complete(bd_addr_t address, hci_con_handle_t con_handle, uint8_t status){
|
||||
uint8_t event[13];
|
||||
event[0] = HCI_EVENT_CONNECTION_COMPLETE;
|
||||
event[1] = sizeof(event) - 2;
|
||||
event[2] = status;
|
||||
little_endian_store_16(event, 3, conn->con_handle);
|
||||
reverse_bd_addr(conn->address, &event[5]);
|
||||
little_endian_store_16(event, 3, con_handle);
|
||||
reverse_bd_addr(address, &event[5]);
|
||||
event[11] = 1; // ACL connection
|
||||
event[12] = 0; // encryption disabled
|
||||
hci_emit_event(event, sizeof(event), 1);
|
||||
|
Loading…
x
Reference in New Issue
Block a user