
Bug: crash when handling ESP_GATTS_MTU_EVT event without m_pServerCallbacks set #5573

Closed
@Marcus10110

Description


I'm attempting to connect to the BLE Server demo using the iOS application LightBlue.

Hardware: Adafruit ESP32 Feather & iPhone
arduino-esp32 version 2.0.0-rc1, Arduino IDE 1.8.15

The sample code from here can reproduce the issue:
https://www.electronicshub.org/esp32-ble-tutorial/

To reproduce:

  1. Program the ESP32 with the sample code above.
  2. Open the LightBlue app on the iPhone, locate the device in the list, and select it.

Expected: the app should interrogate the BLE device for information and display it.
Actual: the ESP32 crashes with this call stack:

PC: 0x400d6d15: BLEServer::handleGATTServerEvent(esp_gatts_cb_event_t, unsigned char, esp_ble_gatts_cb_param_t*) at C:\Users\markg\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.0-rc1\libraries\BLE\src\BLEServer.cpp line 160
EXCVADDR: 0x00000000

Decoding stack results
0x400d6d12: BLEServer::handleGATTServerEvent(esp_gatts_cb_event_t, unsigned char, esp_ble_gatts_cb_param_t*) at C:\Users\markg\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.0-rc1\libraries\BLE\src\BLEServer.cpp line 160
0x400d525d: BLEDevice::gattServerEventHandler(esp_gatts_cb_event_t, unsigned char, esp_ble_gatts_cb_param_t*) at C:\Users\markg\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.0-rc1\libraries\BLE\src\BLEDevice.cpp line 123
0x400ea835: btc_gatts_cb_handler at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/bt/host/bluedroid/btc/profile/std/gatt/btc_gatts.c line 46
0x4011409f: btc_thread_handler at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/bt/common/btc/core/btc_task.c line 184
0x40115f23: osi_thread_run at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/bt/common/osi/thread.c line 67

Specifically, when BLEServer::handleGATTServerEvent tries to handle an ESP_GATTS_MTU_EVT, it tries to call a method on m_pServerCallbacks without checking if it's null first.

All other calls to m_pServerCallbacks are wrapped with a null check.

Simply adding a server callback object gets around the crash:

BLEServer *pServer = BLEDevice::createServer();
pServer->setCallbacks(new BLEServerCallbacks());

m_pServerCallbacks->onMtuChanged(this, param);

If I have time later I'll open a PR. I'm pretty sure this will fix it:

		case ESP_GATTS_MTU_EVT:
			updatePeerMTU(param->mtu.conn_id, param->mtu.mtu);
			if (m_pServerCallbacks != nullptr) {
				m_pServerCallbacks->onMtuChanged(this, param);
			}
			break;
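As an added example (not code from arduino-esp32 or from the reporter), the following is a reduced C++ model of the dispatch path described above. The member and method names mirror the issue, but the event enum, parameter struct and Server class are constructed stand-ins for the ESP-IDF types, not the library's own. It shows the unguarded MTU case beside the guarded form of the proposed fix, and that the guarded form still records the negotiated MTU when no BLEServerCallbacks object is registered, which is the state of the tutorial sketch. From a risk standpoint the point is that MTU negotiation is driven by the connecting peer and happens before any pairing, so the unguarded dispatch turns an ordinary connection into a device reset; the null check is the fix, and registering an empty callbacks object is only a stopgap.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>

// Constructed stand-ins for the subset of esp_gatts_cb_event_t and
// esp_ble_gatts_cb_param_t that the MTU path touches (not the ESP-IDF types).
enum GattsEvent { EVT_CONNECT, EVT_MTU, EVT_DISCONNECT };

struct GattsParam {
    uint16_t conn_id;
    uint16_t mtu;
};

// Base callbacks with empty defaults, in the spirit of BLEServerCallbacks:
// a sketch only overrides what it needs.
struct ServerCallbacks {
    virtual ~ServerCallbacks() {}
    virtual void onMtuChanged(uint16_t /*conn_id*/, uint16_t /*mtu*/) {}
};

// Test double that records the last notification it received.
struct RecordingCallbacks : ServerCallbacks {
    uint16_t lastConnId = 0;
    uint16_t lastMtu = 0;
    void onMtuChanged(uint16_t conn_id, uint16_t mtu) override {
        lastConnId = conn_id;
        lastMtu = mtu;
    }
};

class Server {
public:
    // Stays nullptr until the sketch calls setCallbacks(); the tutorial sketch
    // from the report never does, so every dispatch must tolerate nullptr.
    ServerCallbacks* m_pServerCallbacks = nullptr;

    void setCallbacks(ServerCallbacks* cb) { m_pServerCallbacks = cb; }

    // ATT default MTU is 23 until the peer negotiates a larger one.
    uint16_t getPeerMTU(uint16_t conn_id) const {
        auto it = m_peerMtu.find(conn_id);
        return it == m_peerMtu.end() ? 23 : it->second;
    }

    // Unguarded form of the MTU case as described in the report. Calling this
    // with m_pServerCallbacks == nullptr is a null dereference (the crash).
    void handleEventUnguarded(GattsEvent ev, const GattsParam& p) {
        if (ev == EVT_MTU) {
            updatePeerMTU(p.conn_id, p.mtu);
            m_pServerCallbacks->onMtuChanged(p.conn_id, p.mtu);
        }
    }

    // Guarded form matching the proposed fix: the MTU bookkeeping still
    // happens, the user callback runs only when one is registered.
    // Returns true when the callback was invoked.
    bool handleEventGuarded(GattsEvent ev, const GattsParam& p) {
        if (ev != EVT_MTU) return false;
        updatePeerMTU(p.conn_id, p.mtu);
        if (m_pServerCallbacks != nullptr) {
            m_pServerCallbacks->onMtuChanged(p.conn_id, p.mtu);
            return true;
        }
        return false;
    }

private:
    std::map<uint16_t, uint16_t> m_peerMtu;
    void updatePeerMTU(uint16_t conn_id, uint16_t mtu) { m_peerMtu[conn_id] = mtu; }
};

int main() {
    Server server;
    GattsParam negotiated{1, 247};   // constructed: connection 1 asks for a 247-byte MTU

    // No callbacks registered (the tutorial sketch's state): the guarded path is safe.
    bool ran = server.handleEventGuarded(EVT_MTU, negotiated);
    std::printf("no callbacks: callback ran=%d, peer MTU=%u\n", ran, server.getPeerMTU(1));

    RecordingCallbacks rec;
    server.setCallbacks(&rec);
    ran = server.handleEventGuarded(EVT_MTU, negotiated);
    std::printf("with callbacks: callback ran=%d, recorded MTU=%u\n", ran, rec.lastMtu);
    return 0;
}
```

The unguarded variant is kept only to make the defect visible next to the fix; it is never called without a callbacks object, since that is the null dereference the report's stack trace shows.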
