From 6e38356b3cc215766fcb2f19584cf8f3a9078fad Mon Sep 17 00:00:00 2001
From: Mariusz Skamra
Date: Wed, 16 Aug 2023 15:44:47 +0200
Subject: [PATCH] tests: Bluetooth: tester: Do not memset the streams on ACL disconnection
The streams can be deallocated once bt_bap_stream_ops.released callback is called. Otherwise it may cause memory violation in the stack.
Fixes: ASCS/SR/ACP/BV-31-C
Signed-off-by: Mariusz Skamra
---
 tests/bluetooth/tester/src/btp_bap.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/tests/bluetooth/tester/src/btp_bap.c b/tests/bluetooth/tester/src/btp_bap.c
index e6a6a804b02..c01441505e0 100644
--- a/tests/bluetooth/tester/src/btp_bap.c
+++ b/tests/bluetooth/tester/src/btp_bap.c
@@ -177,6 +177,11 @@ static struct audio_stream *stream_alloc(struct audio_connection *conn)
 return NULL;
 }
+static void stream_free(struct audio_stream *stream)
+{
+ (void)memset(stream, 0, sizeof(*stream));
+}
+
 static struct audio_stream *stream_find(struct audio_connection *conn, uint8_t ase_id)
 {
 for (size_t i = 0; i < ARRAY_SIZE(conn->streams); i++) {
@@ -598,7 +603,13 @@ static void stream_released(struct bt_bap_stream *stream)
 cigs[stream->ep->cig_id] = NULL;
 }
- a_stream->ase_id = 0;
+ if (stream->ep->dir == BT_AUDIO_DIR_SINK) {
+ audio_conn->configured_sink_stream_count--;
+ } else {
+ audio_conn->configured_source_stream_count--;
+ }
+
+ stream_free(a_stream);
 }
 static void stream_started(struct bt_bap_stream *stream)
@@ -1100,15 +1111,11 @@ static void connected(struct bt_conn *conn, uint8_t err)
 static void disconnected(struct bt_conn *conn, uint8_t reason)
 {
- struct audio_connection *audio_conn;
 char addr[BT_ADDR_LE_STR_LEN];
 bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));
 LOG_DBG("Disconnected: %s (reason 0x%02x)", addr, reason);
-
- audio_conn = &connections[bt_conn_index(conn)];
- memset(audio_conn, 0, sizeof(*audio_conn));
 }
 static struct bt_conn_cb conn_callbacks = {
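Review bot: The new `stream_free()` helper in the first hunk carries no comment stating when it is safe to call, although the commit message says that zeroing a stream before `bt_bap_stream_ops.released` has fired can cause a memory violation in the stack. I would record that precondition on the helper itself, for example `/* Call only from (or after) the released callback; the stack may still reference the stream before that. */`. Without it, a later caller could reintroduce the same write into memory the stack still uses.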
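Review bot: The two counter decrements added to `stream_released()` in the second hunk have no lower bound, so a released callback for a stream that was never counted would wrap the counter if the field is unsigned (its type is not visible here). Guarding each one is cheap, e.g. `if (audio_conn->configured_sink_stream_count > 0) { audio_conn->configured_sink_stream_count--; }`. The `else` branch also treats every direction other than `BT_AUDIO_DIR_SINK` as source, which is worth either an explicit check or a comment. The function body starts outside the hunk, so how `audio_conn` and `a_stream` are obtained cannot be checked from here.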
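Review bot: With the `memset` removed from `disconnected()` in the third hunk, nothing in this function resets the `connections[]` slot any more, so any field of `struct audio_connection` that `stream_released()` does not clear would carry over to the next peer that is assigned the same `bt_conn_index()`. Cleanup now depends entirely on the stack delivering `released` for every stream after ACL disconnection. If the struct holds other per-connection state (its layout is not visible here), reset those fields explicitly in `disconnected()` without touching `streams`. A comment would also help, such as `/* Streams are freed in stream_released(); do not clear them here. */`.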