nimble/host: Zero initialize buffer after allocation
rahult-github committed Feb 8, 2024
1 parent 572e5fb commit 6b954aa
Showing 11 changed files with 28 additions and 1 deletion.
3 changes: 3 additions & 0 deletions apps/auracast/src/main.c
Expand Up @@ -203,6 +203,7 @@ base_create()
return BLE_HS_ENOMEM;
}

memset(bis_left, 0, sizeof *bis_left);
bis_left->codec_spec_config = os_memblock_get(&codec_spec_pool);
memcpy(bis_left->codec_spec_config,
codec_spec_config_left_chan,
Expand All @@ -215,6 +216,7 @@ base_create()
return BLE_HS_ENOMEM;
}

memset(bis_right, 0, sizeof *bis_right);
bis_right->codec_spec_config = os_memblock_get(&codec_spec_pool);
memcpy(bis_right->codec_spec_config,
codec_spec_config_right_chan,
Expand All @@ -230,6 +232,7 @@ base_create()
return BLE_HS_ENOMEM;
}

memset(bis, 0, sizeof *bis);
bis->codec_spec_config = os_memblock_get(&codec_spec_pool);
memcpy(bis->codec_spec_config,
codec_spec_config,
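Review bot: In base_create(), each `os_memblock_get(&codec_spec_pool)` result is stored in `codec_spec_config` and handed straight to `memcpy` as the destination, with no NULL check visible in any of the three hunks (bis_left, bis_right, bis). If the codec-spec pool is exhausted, that is a write through a NULL pointer, and the zeroing added here does not cover it. Check the pointer before the copy, e.g. `if (!bis_left->codec_spec_config) { return BLE_HS_ENOMEM; }`, and release the BIS block that was already taken on that path. The copy length is cut off by the hunk boundary, so it should also be confirmed against the pool's block size.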
10 changes: 10 additions & 0 deletions apps/btshell/src/main.c
Expand Up @@ -2251,6 +2251,7 @@ btshell_l2cap_coc_add(uint16_t conn_handle, struct ble_l2cap_chan *chan)
return ENOMEM;
}

memset(coc, 0, sizeof *coc);
coc->chan = chan;

prev = NULL;
Expand Down Expand Up @@ -2734,6 +2735,7 @@ btshell_broadcast_base_add(uint8_t adv_instance, uint32_t presentation_delay)
return ENOMEM;
}

memset(base, 0, sizeof *base);
free_base_idx = btshell_base_find_free();
if (free_base_idx < 0) {
return ENOMEM;
Expand Down Expand Up @@ -2766,6 +2768,7 @@ btshell_broadcast_big_sub_add(uint8_t adv_instance,
return ENOMEM;
}

memset(big_sub, 0, sizeof *big_sub);
base = btshell_base_find(adv_instance);
if (!base) {
os_memblock_put(&btshell_big_sub_pool, big_sub);
Expand All @@ -2778,6 +2781,7 @@ btshell_broadcast_big_sub_add(uint8_t adv_instance,
os_memblock_put(&btshell_big_sub_pool, big_sub);
return ENOMEM;
}
memset(new_metadata, 0, sizeof *new_metadata);
memcpy(new_metadata, metadata, metadata_len);
}

Expand All @@ -2788,6 +2792,7 @@ btshell_broadcast_big_sub_add(uint8_t adv_instance,
os_memblock_put(&btshell_metadata_pool, new_metadata);
return ENOMEM;
}
memset(new_codec_spec_cfg, 0, sizeof *new_codec_spec_cfg);
memcpy(new_codec_spec_cfg, codec_spec_cfg, codec_spec_cfg_len);
}

Expand Down Expand Up @@ -2837,12 +2842,15 @@ btshell_broadcast_bis_add(uint8_t adv_instance,
return ENOMEM;
}

memset(bis, 0, sizeof *bis);

if (codec_spec_cfg_len > 0) {
new_codec_spec_cfg = os_memblock_get(&btshell_codec_spec_pool);
if (!new_codec_spec_cfg) {
os_memblock_put(&btshell_bis_pool, bis);
return ENOMEM;
}
memset(new_codec_spec_cfg, 0, sizeof *new_codec_spec_cfg);
memcpy(new_codec_spec_cfg, codec_spec_cfg, codec_spec_cfg_len);
}

Expand Down Expand Up @@ -2884,6 +2892,8 @@ btshell_broadcast_create(uint8_t adv_instance,
return ENOMEM;
}

memset(big_params_ptr, 0, sizeof *big_params_ptr);

*big_params_ptr = big_params;

create_params.base = base;
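Review bot: In btshell_broadcast_big_sub_add() and btshell_broadcast_bis_add(), `memset(new_metadata, 0, sizeof *new_metadata)` and `memset(new_codec_spec_cfg, 0, sizeof *new_codec_spec_cfg)` clear only one element of the pointed-to type; if these are byte pointers (their declarations are outside the hunks), that is a single byte and the rest of the pool block keeps whatever its previous user left there. Zero the whole block using the block size the pool was initialised with rather than `sizeof *ptr`. The `memcpy` that follows copies `metadata_len` / `codec_spec_cfg_len` bytes with no bound visible here, so the same block size should be used to reject lengths that do not fit. Separately, in btshell_broadcast_base_add() the `free_base_idx < 0` path appears to return ENOMEM without handing `base` back to its pool.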
1 change: 1 addition & 0 deletions nimble/host/src/ble_audio_broadcast.c
Expand Up @@ -136,6 +136,7 @@ ble_audio_broadcast_create(const struct ble_broadcast_create_params *params,

broadcast = os_memblock_get(&ble_audio_broadcast_pool);

memset(broadcast, 0, sizeof *broadcast);
broadcast->adv_instance = params->adv_instance;
broadcast->base = params->base;
broadcast->big_params = params->big_params;
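Review bot: In ble_audio_broadcast_create(), the new `memset(broadcast, 0, sizeof *broadcast)` runs directly after `os_memblock_get(&ble_audio_broadcast_pool)` with no NULL check between them in the visible lines, so an exhausted pool turns into a write through a NULL pointer. The other call sites touched by this commit test the pointer before zeroing it; do the same here, e.g. `if (!broadcast) { return BLE_HS_ENOMEM; }` ahead of the memset. The function's return type and the rest of its body are outside the hunk, so the error value should be matched to what callers expect.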
1 change: 1 addition & 0 deletions nimble/host/src/ble_eatt.c
Expand Up @@ -181,6 +181,7 @@ ble_eatt_alloc(void)
SLIST_INSERT_HEAD(&g_ble_eatt_list, eatt, next);
}

memset(eatt, 0, sizeof *eatt);
eatt->conn_handle = BLE_HS_CONN_HANDLE_NONE;
eatt->chan = NULL;
eatt->client_op = 0;
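Review bot: In ble_eatt_alloc(), the new `memset(eatt, 0, sizeof *eatt)` comes after `SLIST_INSERT_HEAD(&g_ble_eatt_list, eatt, next)`, so it clears the `next` link the insert has just written. The new head then points at nothing, and every entry that was already on `g_ble_eatt_list` is unlinked, which would make existing EATT contexts unreachable through list lookups. Move the memset to immediately after the allocation check, before the list insert. The allocation itself is above the hunk, so the exact placement needs confirming there.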
1 change: 1 addition & 0 deletions nimble/host/src/ble_gatts.c
Expand Up @@ -1250,6 +1250,7 @@ ble_gatts_start(void)
goto done;
}

memset(ble_gatts_clt_cfgs, 0, sizeof *ble_gatts_clt_cfgs);
/* Fill the cache. */
idx = 0;
ha = NULL;
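Review bot: In ble_gatts_start(), `memset(ble_gatts_clt_cfgs, 0, sizeof *ble_gatts_clt_cfgs)` zeroes a single element, but the `/* Fill the cache. */` section that follows starts with `idx = 0`, which suggests the block holds an array of client-config entries. If so, every entry after the first still carries stale pool contents until the fill loop writes it. Size the memset by the element count times `sizeof *ble_gatts_clt_cfgs`, or by the pool's block size. The allocation and the loop body are outside the hunk, so the array layout is inferred from the naming and the index variable.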
1 change: 1 addition & 0 deletions nimble/host/src/ble_hs.c
Expand Up @@ -558,6 +558,7 @@ ble_hs_enqueue_hci_event(uint8_t *hci_evt)
if (ev == NULL) {
ble_transport_free(hci_evt);
} else {
memset(ev, 0, sizeof *ev);
ble_npl_event_init(ev, ble_hs_event_rx_hci_ev, hci_evt);
ble_npl_eventq_put(ble_hs_evq, ev);
}
1 change: 1 addition & 0 deletions nimble/transport/cdc/src/cdc_hci.c
Expand Up @@ -178,6 +178,7 @@ cdc_hci_get_usb_in_packet(void)
{
struct usb_in_packet *packet = (struct usb_in_packet *)os_memblock_get(&usb_in_packet_pool);
if (packet) {
memset(packet, 0, sizeof *packet);
packet->data = NULL;
}
return packet;
4 changes: 3 additions & 1 deletion nimble/transport/emspi/src/ble_hci_emspi.c
Expand Up @@ -256,6 +256,7 @@ ble_hci_emspi_acl_tx(struct os_mbuf *om)
return BLE_ERR_MEM_CAPACITY;
}

memset(pkt, 0, sizeof *pkt);
pkt->type = BLE_HCI_EMSPI_PKT_ACL;
pkt->data = om;

Expand Down Expand Up @@ -284,6 +285,7 @@ ble_hci_emspi_cmdevt_tx(uint8_t *cmd_buf, uint8_t pkt_type)
return BLE_ERR_MEM_CAPACITY;
}

memset(pkt, 0, sizeof *pkt);
pkt->type = pkt_type;
pkt->data = cmd_buf;

Expand Down Expand Up @@ -695,4 +697,4 @@ int
ble_transport_to_ll_acl_impl(struct os_mbuf *om)
{
return ble_hci_emspi_acl_tx(om);
}
}
3 changes: 3 additions & 0 deletions nimble/transport/uart/src/hci_uart.c
Expand Up @@ -185,6 +185,7 @@ ble_transport_to_hs_evt_impl(void *buf)
return -ENOMEM;
}

memset(txe, 0, sizeof *txe);
txe->type = HCI_H4_EVT;
txe->sent_type = 0;
txe->len = 2 + ((uint8_t *)buf)[1];
Expand Down Expand Up @@ -213,6 +214,7 @@ ble_transport_to_hs_acl_impl(struct os_mbuf *om)
return -ENOMEM;
}

memset(txe, 0, sizeof *txe);
txe->type = HCI_H4_ACL;
txe->sent_type = 0;
txe->len = OS_MBUF_PKTLEN(om);
Expand Down Expand Up @@ -241,6 +243,7 @@ ble_transport_to_hs_iso_impl(struct os_mbuf *om)
return -ENOMEM;
}

memset(txe, 0, sizeof *txe);
txe->type = HCI_H4_ISO;
txe->sent_type = 0;
txe->len = OS_MBUF_PKTLEN(om);
2 changes: 2 additions & 0 deletions nimble/transport/uart_ll/src/hci_uart.c
Expand Up @@ -181,6 +181,7 @@ ble_transport_to_ll_cmd_impl(void *buf)
return -ENOMEM;
}

memset(txe, 0, sizeof *txe);
txe->type = HCI_H4_CMD;
txe->sent_type = 0;
txe->len = 3 + ((uint8_t *)buf)[2];
Expand Down Expand Up @@ -209,6 +210,7 @@ ble_transport_to_ll_acl_impl(struct os_mbuf *om)
return -ENOMEM;
}

memset(txe, 0, sizeof *txe);
txe->type = HCI_H4_ACL;
txe->sent_type = 0;
txe->len = OS_MBUF_PKTLEN(om);
2 changes: 2 additions & 0 deletions nimble/transport/usb/src/ble_hci_usb.c
Expand Up @@ -196,6 +196,7 @@ ble_hci_trans_ll_tx(struct tx_queue *queue, struct os_mbuf *om)
return BLE_ERR_MEM_CAPACITY;
}

memset(pkt, 0, sizeof *pkt);
pkt->data = om;
OS_ENTER_CRITICAL(sr);
first = STAILQ_EMPTY(&queue->queue);
Expand Down Expand Up @@ -229,6 +230,7 @@ ble_hci_trans_ll_evt_tx(void *buf)
return BLE_ERR_MEM_CAPACITY;
}

memset(pkt, 0, sizeof *pkt);
pkt->data = hci_ev;
OS_ENTER_CRITICAL(sr);
first = STAILQ_EMPTY(&ble_hci_tx_evt_queue.queue);
