From 542b725545da6c68a989cfcda656a373aa20702e Mon Sep 17 00:00:00 2001
From: Vincent Coubard
Date: Mon, 19 Oct 2020 17:21:49 +0100
Subject: [PATCH 1/2] BLE: Fix incorrect index used to access attsCb.prepWriteQueue in Cordio The connection id starts at the value 1. The entry accessed in the array should be connId - 1
---
 .../cordio_stack/ble-host/sources/stack/att/atts_main.c | 2 +-
 .../cordio_stack/ble-host/sources/stack/att/atts_write.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
index 998e6300d0..36dbbd0722 100644
--- a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
+++ b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
@@ -366,7 +366,7 @@ void attsClearPrepWrites(attsCcb_t *pCcb)
 {
 void *pBuf;
- while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
+ while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
 {
 WsfBufFree(pBuf);
 }
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
index 44a70ca234..64d9c6d187 100644
--- a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
+++ b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
@@ -265,7 +265,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
 err = ATT_ERR_LENGTH;
 }
 /* verify prepare write queue limit not reached */
- else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId]) >= pAttCfg->numPrepWrites)
+ else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId - 1]) >= pAttCfg->numPrepWrites)
 {
 err = ATT_ERR_QUEUE_FULL;
 }
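Review bot: The new `pCcb->connId - 1` index in attsClearPrepWrites is written out by hand with no bounds check, and the same expression recurs in attsProcPrepWriteReq and attsProcExecWriteReq in this patch and at every `attcCb.onDeck` access in patch 2/2 (attc_main.c, attc_proc.c, attc_sign.c). A connId of 0 would now index one element before the array, and the atts_write.c paths process requests received from the remote peer, so the invariant deserves an explicit check before first use, for example `WSF_ASSERT((pCcb->connId != DM_CONN_ID_NONE) && (pCcb->connId <= DM_CONN_MAX));`. Whether a CCB can reach these functions with connId 0, and how the arrays are sized, is not visible in the hunks. Keeping the conversion in one accessor, e.g. a new macro `#define ATTS_PREP_QUEUE(pCcb) (&attsCb.prepWriteQueue[(pCcb)->connId - 1])`, would put the 1-based to 0-based offset in a single place; the function bodies extend beyond the hunks shown.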
@@ -288,7 +288,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
 pPrep->handle = handle;
 pPrep->offset = offset;
 memcpy(pPrep->packet, pPacket, writeLen);
- WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId], pPrep);
+ WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId - 1], pPrep);
 /* allocate response buffer */
 if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL)
@@ -342,7 +342,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
 else if (*pPacket == ATT_EXEC_WRITE_ALL)
 {
 /* iterate over prepare write queue and verify offset and length */
- for (pPrep = attsCb.prepWriteQueue[pCcb->connId].pHead; pPrep != NULL; pPrep = pPrep->pNext)
+ for (pPrep = attsCb.prepWriteQueue[pCcb->connId - 1].pHead; pPrep != NULL; pPrep = pPrep->pNext)
 {
 /* find attribute */
 if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL)
@@ -371,7 +371,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
 if (err == ATT_SUCCESS)
 {
 /* for each buffer */
- while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
+ while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
 {
 /* write buffer */
 if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS)
From 3cab37793b8bef1497f2e7e97a103cec19156e36 Mon Sep 17 00:00:00 2001
From: Vincent Coubard
Date: Mon, 19 Oct 2020 17:23:42 +0100
Subject: [PATCH 2/2] BLE: Fix index access to attcCb.onDeck in Cordio. The connection starts at 1, not 0. The entry in the array should be connId - 1
---
 .../ble-host/sources/stack/att/attc_main.c | 12 ++++++------
 .../ble-host/sources/stack/att/attc_proc.c | 6 +++---
 .../ble-host/sources/stack/att/attc_sign.c | 4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c index 10cb08f29c..e3e5f43b17 100644 --- a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c +++ b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c @@ -591,9 +591,9 @@ static void attcConnCback(attCcb_t *pCcb, dmEvt_t *pDmEvt) } /* free any req on deck */ - if (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE) + if (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE) { - attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], status); + attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], status); } for (i = 0; i < ATT_BEARER_MAX; i++) @@ -672,7 +672,7 @@ void attcMsgCback(attcApiMsg_t *pMsg) /* verify no API request already waiting on deck, in progress, or no pending write command already for this handle */ if (((pCcb->slot == ATT_BEARER_SLOT_ID) && - (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)) || + (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE)) || (pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) || ((pMsg->hdr.event == ATTC_MSG_API_WRITE_CMD) && attcPendWriteCmd(pCcb, pMsg->handle))) @@ -686,7 +686,7 @@ void attcMsgCback(attcApiMsg_t *pMsg) if ((pCcb->slot == ATT_BEARER_SLOT_ID) && (pCcb->outReq.hdr.event == ATTC_MSG_API_MTU)) { /* put request "on deck" for processing later */ - attcCb.onDeck[pCcb->connId] = *pMsg; + attcCb.onDeck[pCcb->connId - 1] = *pMsg; } /* otherwise ready to send; set up request */ else 
@@ -706,9 +706,9 @@ void attcMsgCback(attcApiMsg_t *pMsg)
 }
 /* else free any req on deck */
 else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &
- (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE))
+ (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
 {
- attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], ATT_ERR_CANCELLED);
+ attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], ATT_ERR_CANCELLED);
 }
 }
 /* else if timeout */
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c
index edb846b413..0f87518a91 100644
--- a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c
+++ b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c
@@ -410,13 +410,13 @@ void attcProcRsp(attcCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
 }
 /* else if api is on deck */
 else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &&
- (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE))
+ (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
 {
 /* set up and send request */
- attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId]);
+ attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId - 1]);
 /* clear on deck */
- attcCb.onDeck[pCcb->connId].hdr.event = ATTC_MSG_API_NONE;
+ attcCb.onDeck[pCcb->connId - 1].hdr.event = ATTC_MSG_API_NONE;
 }
 }
 }
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c
index 0595be9f0a..9ce745243a 100644
--- a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c
+++ b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c
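Review bot: The context line `else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &` in the attcMsgCback hunk at -706 joins its two tests with bitwise `&`, while the equivalent checks in attcMsgCback at -672 and in attcProcRsp use `&&`. Both operands evaluate to 0 or 1, so the result is the same, but `&` does not short-circuit: the `attcCb.onDeck[pCcb->connId - 1]` read on the changed line is performed even when the slot test is false. Since the following line is being edited anyway, the operator should become `&&`, i.e. `else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &&`. attcMsgCback starts and ends outside the hunk.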
@@ -178,7 +178,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
 /* verify no API request already waiting on deck or in progress,
 * and no signed write already in progress */
- if ((attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE) ||
+ if ((attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE) ||
 (pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) ||
 (attcSignCbByConnId((dmConnId_t) pMsg->hdr.param) != NULL))
 {
@@ -238,7 +238,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
 pCcb->pMainCcb->sccb[ATT_BEARER_SLOT_ID].control & ATT_CCB_STATUS_FLOW_DISABLED)
 {
 /* put request "on deck" for processing later */
- attcCb.onDeck[pCcb->connId] = pCb->msg;
+ attcCb.onDeck[pCcb->connId - 1] = pCb->msg;
 }
 /* otherwise ready to send */
 else