michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Mesh: Fix unref null pointer

Browse source 
When pb-gatt advertising enabled, after extablish connect,
will call `cb->connected` and `cb->adv_send`.

In previous connected also clear `ADV_FLAG_PROXY` flag, but
in `adv_send` will attempt unref null point buffers.

Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
This commit is contained in:
Lingao Meng 2022-03-22 14:15:27 +08:00 committed by Carles Cufí
commit 58a501d6cd
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
subsys/bluetooth/mesh/adv_ext.c
View file

@ -343,9 +343,11 @@ static void adv_sent(struct bt_le_ext_adv *instance,
BT_DBG("Advertising stopped after %u ms", (uint32_t)duration);
atomic_clear_bit(adv->flags, ADV_FLAG_ACTIVE);
atomic_clear_bit(adv->flags, ADV_FLAG_PROXY);
if (!atomic_test_and_clear_bit(adv->flags, ADV_FLAG_PROXY)) {
if (adv->buf) {
net_buf_unref(adv->buf);
adv->buf = NULL;
}
(void)schedule_send(adv);