2022-12-18: Fix potential CORRUPT HEAP problem on libraries/BLE/src/BLEDevice.cpp

DamianSuess · DamianSuess · commit 1df6931a7ebf · 2023-01-08T16:24:44.000-05:00
espressif/arduino-esp32#7597
diff --git a/src/BLEDevice.cpp b/src/BLEDevice.cpp
@@ -41,7 +41,7 @@
 BLEServer* BLEDevice::m_pServer = nullptr;
 BLEScan*   BLEDevice::m_pScan   = nullptr;
 BLEClient* BLEDevice::m_pClient = nullptr;
-bool       initialized          = false;  
+bool       initialized          = false;
 esp_ble_sec_act_t BLEDevice::m_securityLevel = (esp_ble_sec_act_t)0;
 BLESecurityCallbacks* BLEDevice::m_securityCallbacks = nullptr;
 uint16_t   BLEDevice::m_localMTU = 23;  // not sure if this variable is useful
@@ -348,7 +348,7 @@ gatts_event_handler BLEDevice::m_customGattsHandler = nullptr;
 		}
 
 #ifndef CONFIG_BT_CLASSIC_ENABLED
-		esp_bt_controller_mem_release(ESP_BT_MODE_CLASSIC_BT);  
+		esp_bt_controller_mem_release(ESP_BT_MODE_CLASSIC_BT);
 #endif
 		esp_bt_controller_config_t bt_cfg = BT_CONTROLLER_INIT_CONFIG_DEFAULT();
 		errRc = esp_bt_controller_init(&bt_cfg);
@@ -577,7 +577,7 @@ BLEAdvertising* BLEDevice::getAdvertising() {
 		log_i("create advertising");
 	}
 	log_d("get advertising");
-	return m_bleAdvertising; 
+	return m_bleAdvertising;
 }
 
 void BLEDevice::startAdvertising() {
@@ -629,10 +629,15 @@ void BLEDevice::addPeerDevice(void* peer, bool _client, uint16_t conn_id) {
 	m_connectedClientsMap.insert(std::pair<uint16_t, conn_status_t>(conn_id, status));
 }
 
+//there may have some situation that invoking this function simultaneously, that will cause CORRUPT HEAP
+//let this function serializable
+portMUX_TYPE BLEDevice::mux = portMUX_INITIALIZER_UNLOCKED;
 void BLEDevice::removePeerDevice(uint16_t conn_id, bool _client) {
+	portENTER_CRITICAL(&mux);
 	log_i("remove: %d, GATT role %s", conn_id, _client?"client":"server");
 	if(m_connectedClientsMap.find(conn_id) != m_connectedClientsMap.end())
 		m_connectedClientsMap.erase(conn_id);
+	portEXIT_CRITICAL(&mux);
 }
 
 /* multi connect support */
@@ -652,8 +657,8 @@ void BLEDevice::removePeerDevice(uint16_t conn_id, bool _client) {
     if (release_memory) {
         esp_bt_controller_mem_release(ESP_BT_MODE_BTDM);  // <-- require tests because we released classic BT memory and this can cause crash (most likely not, esp-idf takes care of it)
     } else {
-        initialized = false;   
-    } 
+        initialized = false;
+    }
 #endif
 }
 
diff --git a/src/BLEDevice.h b/src/BLEDevice.h
@@ -73,6 +73,7 @@ class BLEDevice {
 	static BLEAdvertising* m_bleAdvertising;
 	static esp_gatt_if_t getGattcIF();
 	static std::map<uint16_t, conn_status_t> m_connectedClientsMap;
+	static portMUX_TYPE mux;
 
 	static void gattClientEventHandler(
 		esp_gattc_cb_event_t      event,
