Island
1c99ea52c1
Merge branch 'bugfix/optimize_bluedroid_host_code_new' into 'master'
...
fix(ble/bluedroid): Use the same legacy gap callback instead of each independent legacy gap event callback
Closes BLERP-2639
See merge request espressif/esp-idf!46344
2026-03-23 15:28:46 +08:00
Island
c0dfdf9c3b
Merge branch 'fix/disable_some_params_check_in_cte_apis' into 'master'
...
disable some parameters check in CTE APIs
Closes BLERP-2644
See merge request espressif/esp-idf!46835
2026-03-23 15:28:15 +08:00
zhiweijian
7d68662c18
disable some parameters check in CTE APIs
2026-03-23 11:09:14 +08:00
Wang Meng Yang
a2ad4b4a8a
Merge branch 'bugfix/uninited_stack_var' into 'master'
...
fix: fixed possible use of uninitialized stack variables in bta_hf_client_parse_binp
Closes BT-4270
See merge request espressif/esp-idf!46515
2026-03-20 19:30:50 +08:00
Jiang Jiang Jian
9bde023b12
Merge branch 'bugfix/oob_in_avrc' into 'master'
...
Fix: Heap OOB read in Bluedroid AVRCP Target parser
Closes BT-4269
See merge request espressif/esp-idf!46425
2026-03-20 17:41:11 +08:00
Island
1005d55ddb
Merge branch 'feat/support_run_time_alloc_for_esp_ip_test' into 'master'
...
Support Mempool Run Time Allocation for ESP IP Chips
Closes BLERP-2622
See merge request espressif/esp-idf!45778
2026-03-20 16:17:27 +08:00
zhiweijian
d07ce78dcf
fix(ble/bluedroid): optimize bluedroid host and fix GAP, memory, status and BTM API issues
...
- return HCI_ERR_MEMORY_FULL on cmd buffer alloc failure
- remove legacy adv/scan semaphores and mutex
- Use the same legacy gap callback instead of each independent legacy gap event callback
2026-03-19 20:59:28 +08:00
cjin
84d75cf772
feat(ble): supported ble mempool run time allocation for esp ip chips
2026-03-19 16:46:02 +08:00
zhiweijian
50747e4f63
fix(ble/bluedroid): Null/range checks, crypto cleanup and API consistency
...
- smp_api.h/smp_int.h: SMP_OPCODE_ARRAY_SIZE and SecureConnectionOobDataReply
declaration alignment
- p_256_ecc_pp/p_256_multprecision: bounds and overflow fixes in ECC/multiprecision
- smp_act: init le_key; p_dev_rec null check in smp_key_distribution;
smp_compute_dhkey failure notify in smp_both_have_public_keys
- smp_api: early state/cb_evt check in SMP_SecureConnectionOobDataReply
- smp_cmac: input/length validation in cmac_aes_k_calculate and
aes_cipher_msg_auth_code
- smp_keys: smp_gen_p2_4_confirm return and smp_calculate_comfirm_cont;
smp_process_private_key/smp_compute_dhkey cleanup and peer_pub_be clear
- smp_l2c: fix callback param types with L2CAP
- smp_main: event/state bounds in smp_sm_event; smp_get_event_name default string
- smp_utils: cmd_code<SMP_OPCODE_ARRAY_SIZE and smp_cmd_build_act check;
smp_mask_enc_key/smp_command_has_invalid_parameters bounds
2026-03-18 16:49:09 +08:00
zhiweijian
16d523e9bf
fix(ble/bluedroid): BLE credit, reject when p_rcb NULL, timeout and leak fixes
...
- l2c_int: align struct/constant types with l2c_ble/l2c_main
- l2c_api: null/state checks in L2CA_SendFixedChnlData
- l2c_ble: reject when p_rcb==NULL, add L2CAP_CMD_BLE_FLOW_CTRL_CREDIT;
l2cble_init_direct_conn int64_t timeout and link_timeout==0 fix
- l2c_link: null/state checks and cleanup in hci_disc_comp/timeout/send_to_lower
- l2c_main: free p_msg on FCR non-Basic and COC branches; fix LE credit handling;
process_l2cap_cmd bounds
- l2c_utils: credit/queue cleanup and null checks in l2cu_disconnect_chnl
2026-03-18 16:49:09 +08:00
zhiweijian
1d31286f1a
fix(ble/bluedroid): Fix double-free, exec write, bounds and HCI param checks
...
- gap_ble: add length/attribute checks in gap_proc_write_req
- gatt_cl: set p_cmd->p_cmd=NULL before memset to avoid double-free;
pending_cl_req %= GATT_CL_MAX_LCB
- gatt_sr: fix exec write zeroed_attrs and offset/len bounds, OOM cleanup
- gatt_sr_hash: null checks for p_attr->p_next, p_data+=2, len==0 in
gatts_calculate_datebase_hash, gatts_show_local_database
- gatt_utils: explicit return NULL, indent, idx<GATT_MAX_APPS checks,
len>GATT_MAX_ATTR_LEN, gatt_cleanup_upon_disc dealloc branch
- hciblecmds: length/handle validation in BLE ext adv/BIG sync HCI commands
2026-03-18 16:38:25 +08:00
zhiweijian
537661fb2e
fix(ble/bluedroid): Event length checks and timer/alarm error handling
...
- btu_hcif: validate p_msg->len and hci_evt_len in process_event; pass evt_len to
sub-handlers; fix cs_subevt num_steps_reported==0 malloc; bounds in
command_complete and role_change_evt
- btu_task: handle osi_alarm_new/hash_map_set failure in btu_start_timer,
btu_start_quick_timer, btu_start_timer_oneshot
2026-03-18 16:38:25 +08:00
zhiweijian
65b2cb2728
fix(ble/bluedroid): BLE GAP/ACL/ISO/SCO null checks, evt_len and resource handling
...
- btm_acl: malloc/list_append failure handling, remove/memset order in btm_acl_removed
- btm_ble: remove incorrect sec_flags in SMP_OOB/NC/SC_OOB fall-through
- btm_ble_5_gap: btm_ble_hci_status_to_str unreachable return,
BTM_BleSetExtendedAdvParams/BleStartExtAdv leak and bounds
- btm_ble_addr: fix indent in btm_find_dev_by_identity_addr
- btm_ble_gap: null check p_service_data, pass evt_len to btm_ble_process_adv_pkt,
bounds in process_adv_pkt
- btm_ble_iso: align param types with declaration
- btm_ble_privacy: handle BTM_BLE_IRK_LIST_INVALID_INDEX in update_resolving_list,
comment fixes
- btm_devctl: fix btm_vsc_complete param order/type
- btm_sco: add evt_len to btm_sco_process_num_completed_pkts for bounds check
- btm_ble_int.h/btm_int.h: add evt_len to process_adv_pkt and
process_num_completed_pkts declarations
2026-03-18 16:38:24 +08:00
zhiweijian
778dd2ab5e
fix(ble/bluedroid): Add length/pointer checks and fix error paths
...
- hci_hal_h4: validate packet length and pointers in hci_packet_complete,
hdl_rx_adv_rpt, callbacks
- hci_layer: align hci_start_up error path and return; validate packet len in
filter_incoming_event
- hci_packet_factory: ensure BT_HDR length/offset initialized in make_command_no_params
- packet_fragmenter: validate length before fragment_and_dispatch
2026-03-18 16:38:24 +08:00
zhiweijian
b83647f5ea
fix(ble/bluedroid): Align config, controller indent and init error paths
...
- bt_target: remove/align obsolete macros with Kconfig
- device/controller: fix start_up() Secure Connections indent,
get_ble_resolving_list_max_size return type
- controller.h: align type/interface declarations with implementation
- bte_init: remove unused/redundant code
- bte_main: return -1 on osi_init failure, null check in bte_main_hci_send
2026-03-18 16:38:24 +08:00
zhiweijian
6f5d9e3440
fix(ble/bluedroid): Fix init failure handling, storage/config and GATT leaks
...
- btc_main: handle bte_main_boot_entry failure with cleanup and future_ready(FUTURE_FAIL)
- btc_ble_storage: fix key/length validation in _btc_storage_get_ble_bonding_key
- btc_config: align return/error contract with callers
- btc_dm: use safe BTA_SERVICE_ID_TO_SERVICE_MASK, fix sec_cb_handler type
- btc_gatt_util: fix btc_to_bta_response/set_read_value length and bounds
- btc_gatts: future_free on early return, max_nb_attr uint16_t, fail cleanup,
handle bounds
- btc_ble_cte/btc_iso_ble: fix callback type/param consistency with BTA
2026-03-18 16:38:24 +08:00
zhiweijian
f4cec2ac4e
fix(ble/bluedroid): Add null/range checks and fix resource handling in BTA layer
...
- bta_dm_int: fix BTA_SERVICE_ID_TO_SERVICE_MASK undefined behavior (1<<id when id>=32)
- bta_gattc_main: add event bounds check before state table lookup
- bta_gattc_utils: null checks for remote_bda/p_rcb, fix list_free in clcb_dealloc,
bta_to_btif_uuid fixes
- bta_gatts_act: fix formatting/indent in send_service_change_indication
- bta_gatts_api: validate attr_val/len, add error logs on alloc failure
- bta_sys_main: null/range checks in sm_execute, alarm/hash_map error handling in
bta_alarm_cb
2026-03-18 16:38:24 +08:00
Wang Meng Yang
594679aa73
Merge branch 'bugfix/fix_call_spp_start_discovert_twice_crash' into 'master'
...
fix(bt): fix crash when calling esp_spp_start_discovery twice in succession
Closes IDFCI-6478 and IDFCI-8863
See merge request espressif/esp-idf!46343
2026-03-16 19:04:10 +08:00
Wang Meng Yang
c941926ee7
Merge branch 'feat/bt_distance_test' into 'master'
...
feat(bt): Add APIs to read ACL real RSSI and read/write tx power of inq/iscan/page/pscan/ACL
Closes BT-4155
See merge request espressif/esp-idf!45601
2026-03-16 15:09:19 +08:00
Island
bdf808b34f
Merge branch 'feat/add_bluedroid_cancel_open_api' into 'master'
...
feat(ble/bluedroid): Added cancel open function for bluedroid
See merge request espressif/esp-idf!46305
2026-03-16 14:36:19 +08:00
Jin Cheng
34143d48ee
fix(bt/bluedroid): fixed possible use of uninitialized stack variables in bt_hf_client_at.c
2026-03-16 12:09:06 +08:00
Wang Meng Yang
13d8a6e405
Merge branch 'bugfix/report_hid_close_evt' into 'master'
...
fix(hid): Fixed HID repeatedly reporting the close event
Closes BT-4238
See merge request espressif/esp-idf!45593
2026-03-13 15:37:18 +08:00
yangfeng
7a0771d2c8
feat(bt): Add APIs to control transmit power level
...
- API to read ACL real RSSI
- APIs to read/write tx power of inq/iscan/page/pscan/ACL
2026-03-13 10:12:40 +08:00
yangfeng
cf554d6d61
fix(hid): Fixed HID repeatedly reporting the close event
2026-03-13 09:45:14 +08:00
xiongweichao
1d77103291
fix(bt): fix crash when calling esp_spp_start_discovery twice in succession
2026-03-12 02:06:05 +00:00
Sumeet Singh
54e4531d40
fix(nimble): modify logic to print mbuf in ble_hs_log_mbuf
2026-03-11 17:08:31 +05:30
zhiweijian
a3c09afd85
feat(ble/bluedroid): Added cancel open function for bluedroid
2026-03-10 10:25:10 +08:00
Jin Cheng
60f9362f83
fix(bt/bluedroid): fixed possible OOB read in avrc_pars_vendor_cmd
2026-03-10 08:43:56 +08:00
Island
a21a86f749
Merge branch 'fix/ble_hci_log_direction' into 'master'
...
feat(ble_log): encode HCI direction in ble_log pipeline
See merge request espressif/esp-idf!46137
2026-03-05 10:29:50 +08:00
Zhou Xiao
8fd5dbb730
feat(ble_log): encode HCI direction in ble_log pipeline
...
Add ble_log_write_hci macro that encodes upstream/downstream direction
in MSB of HCI type byte. Update all 4 callsites (NimBLE + Bluedroid)
to use the new macro. Parser reads MSB to determine direction;
backward compatible (old firmware MSB=0 defaults to "sent").
2026-03-04 10:54:48 +08:00
Rahul Tank
6f470bdbb9
fix(nimble): Add header file to expose macros
2026-03-03 14:03:45 +05:30
Rahul Tank
70b2ece581
Merge branch 'bugfix/gatt_memory_leak' into 'master'
...
fix(nimble): Fixed memory leak when dynamic services are disabled
Closes BLERP-2612
See merge request espressif/esp-idf!46094
2026-03-03 14:00:08 +05:30
zhiweijian
ba0537c118
fix(ble/bluedroid): Fixed read or write failed if SMP is disabled
2026-03-02 18:32:20 +08:00
Island
616951585e
Merge branch 'bugfix/fix_some_bluedroid_bugs_260121' into 'master'
...
Bugfix/fix some bluedroid bugs 260121
Closes BLERP-2581
See merge request espressif/esp-idf!45850
2026-03-02 10:36:39 +08:00
zhiweijian
611eef480a
fix(ble/bluedroid): fix ISO HCI layer and update Kconfig
...
- Fix ISO HCI functions and remove unused code
- Fix spelling: BROCASTER to BROADCASTER in Kconfig and headers
- Update common config headers for consistency
2026-02-27 18:00:07 +08:00
zhiweijian
e118d053b3
fix(ble/bluedroid): fix L2CAP, SMP and HCI command issues
...
- Fix active_count check in l2cu_ble_plcb_active_count
- Restore previous state if connection command fails
- Fix HCI cmd buffer size off-by-one errors
- Fix connect handle length errors
- Fix channel sounding event status handling
- Fix SMP param_len check in smp_rand_back
- Fix spelling: BROCASTER to BROADCASTER in definitions
2026-02-27 17:59:59 +08:00
zhiweijian
e0ccc644a8
fix(ble/bluedroid): fix GAP, advertising and security issues in BTM layer
...
- Fix adv state restore and reset if start/stop failed
- Fix periodic adv v2 event without PAWR feature enabled
- Fix periodic adv sync establish skip handling
- Fix resolving list max_size validation
- Fix RPA addr_type update after host-side resolution
- Fix pairing_state reset if p_dev_rec alloc failed
- Fix ISO cis_cnt limit and ext adv parameter check
- Try to delete smp keys even if not in device list
2026-02-27 17:59:46 +08:00
zhiweijian
6242e0244c
fix(ble/bluedroid): fix GATT protocol and database operation issues
...
- Fix GATTC read by type length error and rsp pdu format check
- Fix p_cur_handle update in gatts_db_read_attr_value_by_type
- Fix len calculation error in calculate_database_info_size
- Replace gatt_find_the_connected_bda with p_tcb_list iteration
- Send cmd reject if cid is invalid
- Fix param_len check in smp_rand_back
- Remove duplicate uuid compare functions
2026-02-27 17:59:35 +08:00
zhiweijian
1fea299dc9
fix(ble/bluedroid): fix parameter handling and deep copy in BTC layer
...
- Fix CS and CTE callback deep copy errors in btc_gap_ble
- Fix incorrect parameter check in btc_gattc_prepare_write_char_descr
- Fix conn_handle length error and malloc failure handling
- Fix memcpy error and reset params if malloc failed
- Fix spelling: BROCASTER to BROADCASTER
- Delete unused ISO functions in btc_iso_ble
2026-02-27 17:59:24 +08:00
zhiweijian
c7931bedf5
fix(ble/bluedroid): fix state management and security issues in BTA DM layer
...
- Fix out-of-bounds read and peer_device cleanup in bta_dm_acl_change
- Fix adv state restore and BTM status usage in bta_dm_ble_advstop
- Fix remove security device failed due to invalid transport
- Rename tBTA_DM_API_BLE_OBSERVE to tBTA_DM_API_BLE_ADVACTION
- Remove unused btm_sec_find_bonded_dev()
2026-02-27 17:59:13 +08:00
zhiweijian
d4f3517da4
fix(ble/bluedroid): fix memory safety and state issues in BTA GATT layer
...
- Fix use-after-free and double-free in bta_gattc_update_include_service
- Fix heap buffer overflow in GATT database operations
- Fix GATTC cache load attr length check and NVS handle leak
- Fix parameter validation in bta_gattc_uuid_compare
- Ensure all CLCBs are cleaned up on deregister
- Remove unused bta_gattc_open_error
- Unify GATT db count/fill by declaration handle range
- Fix return status in gatts_set_attribute_value
2026-02-27 17:59:02 +08:00
zhiweijian
562cd2eae5
fix(ble/bluedroid): fix parameter validation and cleanup in ISO and CTE APIs
...
- Add parameter validation in esp_ble_iso_api and esp_ble_cte_api
- Delete unused ISO functions and incorrect parameter checks
- Add host status check in esp_ble_iso_get_callback()
- Fix CTE parameter handling when enable value is 0
2026-02-27 17:58:50 +08:00
zhiweijian
d439a3fcce
fix(ble/bluedroid): fix parameter validation and initialization in BLE APIs
...
- Add parameter validation in esp_gap_ble_api, esp_gattc_api, esp_gatts_api
- Initialize API args to prevent undefined behavior
- Add host status checks in API functions
- Fix memory leak if bluedroid init failed
2026-02-27 17:58:36 +08:00
Rahul Tank
6088c47365
fix(nimble): Fixed memory leak when dynamic services are disabled
2026-02-27 11:14:45 +05:30
Linyan Liu
8829f28561
fix(ble): Miscellaneous ISO fixes due to some previous changes
2026-02-26 08:31:51 +08:00
Rahul Tank
684a81b4f3
fix(nimble): Fix various issues for security/vulnerability in host
2026-02-23 14:04:11 +05:30
Astha Verma
1de52330b3
fix(nimble): Fix memory leak when enabling gatt caching
2026-02-16 10:57:35 +05:30
Rahul Tank
a440f62fb4
fix(nimble): Fix tinycrypt compilation issues when enabled
2026-02-16 10:57:03 +05:30
Rahul Tank
379943f60f
fix(nimble): Fix to not send legacy command incorrectly
2026-02-16 10:55:31 +05:30
Rahul Tank
c3c99ef135
fix(nimble): Handle scenario of simultaneous connect
2026-02-16 10:54:54 +05:30