Bluetooth: Fix incorrect checks for command buffer user data
If the buffer given to hci_cmd_done() is not from the command buffer then using the cmd(buf) macro is not valid. Simply bail out from hci_cmd_done() if this is an event that didn't have a matching command buffer. Change-Id: Id8357a23a307f4ef3a9214a4e1f7d853a18cb907 Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg
parent
5b80603dbd
commit
ce2d74a58a
1 changed files with 5 additions and 1 deletions
|
|
@ -2227,13 +2227,17 @@ static void hci_cmd_done(uint16_t opcode, uint8_t status, struct net_buf *buf)
|
|||
{
|
||||
BT_DBG("opcode 0x%04x status 0x%02x buf %p", opcode, status, buf);
|
||||
|
||||
if (buf->pool != &hci_cmd_pool) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (cmd(buf)->opcode != opcode) {
|
||||
BT_WARN("OpCode 0x%04x completed instead of expected 0x%04x",
|
||||
opcode, cmd(buf)->opcode);
|
||||
}
|
||||
|
||||
/* If the command was synchronous wake up bt_hci_cmd_send_sync() */
|
||||
if (buf->pool == &hci_cmd_pool && cmd(buf)->sync) {
|
||||
if (cmd(buf)->sync) {
|
||||
cmd(buf)->status = status;
|
||||
k_sem_give(cmd(buf)->sync);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue