Skip to content

ATT_OP_FIND_INFO_RESP incorrect processing during ATTClass::discoverDescriptors causes crashing #245

New issue
New issue
Open
Open
ATT_OP_FIND_INFO_RESP incorrect processing during ATTClass::discoverDescriptors causes crashing#245
Labels
type: imperfectionPerceived defect in any part of project
@carterd

Description

@carterd
carterd
opened on Jul 9, 2022

Symptoms:

Connecting as Central to 'other' BLE device which responds with ATT_OP_FIND_INFO_RESP using 128-bit UUIDs causes crash!

Location of Issue:

FILE = ArduinoBLE\src\utility\ATT.cpp
FUNC = bool ATTClass::discoverDescriptors(uint16_t connectionHandle, BLERemoteDevice* device)
LINE = 1728-1730 (ish)

Explanation:

responseBuf[1] of ATT_OP_FIND_INFO_RESP is the format of the response as follows:
0x01 = 2 octets of handle, 2 octets of UUID [total 4 octets/bytes]
0x02 = 2 octets of handle, 16 octets of UUID [total 18 octets/bytes]

Current:

uint16_t lengthPerDescriptor = responseBuffer[1] * 4;
uint8_t uuidLen = 2;

Possible Fix:

uint16_t lengthPerDescriptor = responseBuffer[1] * 14 - 10;
uint8_t uuidLen = lengthPerDescriptor - 2;

THANKS GUYS!!!!

Metadata

Metadata

Assignees

No one assigned

    Labels

    type: imperfectionPerceived defect in any part of project

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions