michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: controller: Fix use of handle field in HCI command handling

Browse source 
Fix use of handle field in HCI command handling for some ISO-related
commands. The response buffer may reuse the command buffer. Therefore,
the handle field must not be copied directly from the command to the
response.

Signed-off-by: Wolfgang Puffitsch <wopu@demant.com>
This commit is contained in:
Wolfgang Puffitsch 2021-09-30 16:57:38 +02:00 committed by Christopher Friedt
commit 7c0b74bc0d
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
subsys/bluetooth/controller/hci/hci.c
View file

@ -1987,7 +1987,7 @@ static void le_iso_transmit_test(struct net_buf *buf, struct net_buf **evt)
rp = hci_cmd_complete(evt, sizeof(*rp));
rp->status = status;
rp->handle = cmd->handle;
rp->handle = sys_cpu_to_le16(handle);
}
static void le_read_iso_tx_sync(struct net_buf *buf, struct net_buf **evt)
@ -2029,7 +2029,7 @@ static void le_iso_receive_test(struct net_buf *buf, struct net_buf **evt)
rp = hci_cmd_complete(evt, sizeof(*rp));
rp->status = status;
rp->handle = cmd->handle;
rp->handle = sys_cpu_to_le16(handle);
}
static void le_iso_read_test_counters(struct net_buf *buf, struct net_buf **evt)
@ -2048,7 +2048,7 @@ static void le_iso_read_test_counters(struct net_buf *buf, struct net_buf **evt)
rp = hci_cmd_complete(evt, sizeof(*rp));
rp->status = status;
rp->handle = cmd->handle;
rp->handle = sys_cpu_to_le16(handle);
rp->received_cnt = sys_cpu_to_le32(received_cnt);
rp->missed_cnt = sys_cpu_to_le32(missed_cnt);
rp->failed_cnt = sys_cpu_to_le32(failed_cnt);
@ -2155,7 +2155,7 @@ static void le_iso_test_end(struct net_buf *buf, struct net_buf **evt)
rp = hci_cmd_complete(evt, sizeof(*rp));
rp->status = status;
rp->handle = cmd->handle;
rp->handle = sys_cpu_to_le16(handle);
rp->received_cnt = sys_cpu_to_le32(received_cnt);
rp->missed_cnt = sys_cpu_to_le32(missed_cnt);
rp->failed_cnt = sys_cpu_to_le32(failed_cnt);