hci: fix report of extended advertisements with data len > 31

CHANGELOG.md

@@ -19,7 +19,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - esp32: allow to disable default audio i2s driver via component config
 - 
 ## Fixed
-- hci: fix set extended scan response
+- HCI: fix set extended scan response
+- HCI: fix report of extended advertisements with data len > 31 
 - SM: fix value in SM_EVENT_NUMERIC_COMPARISON_REQUEST
 - btstack_stdin_embedded: use timer to poll RTT input, fix for tickless RTOS
 - gatt_client: return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER for invalid connection handle

src/bluetooth.h

@@ -403,6 +403,7 @@ typedef enum {
 #define HCI_SCO_3EV5_SIZE          540
 
 #define LE_ADVERTISING_DATA_SIZE    31
+#define LE_EXTENDED_ADVERTISING_DATA_SIZE    229
 #define LE_EXTENDED_ADVERTISING_MAX_HANDLE 0xEFu
 #define LE_EXTENDED_ADVERTISING_MAX_CHUNK_LEN 251
 

src/hci.c

@@ -1494,7 +1494,7 @@ void le_handle_extended_advertisement_report(uint8_t *packet, uint16_t size) {
     for (i=0; (i<num_reports) && (offset < size);i++){
         // sanity checks on data_length:
         uint16_t data_length = packet[offset + 23];
-        if (data_length > LE_ADVERTISING_DATA_SIZE) return;
+        if (data_length > LE_EXTENDED_ADVERTISING_DATA_SIZE) return;
         if ((offset + 24u + data_length) > size)    return;
         uint16_t event_type = little_endian_read_16(packet, offset);
         offset += 2;