Commit 5ce9d0c6 authored by Vinayak Kariappa Chettimada's avatar Vinayak Kariappa Chettimada Committed by Johan Hedberg
Browse files

Bluetooth: Controller: Fix extended scanning assert on invalid chan_idx 



Fix extended scanning assert on invalid chan_idx received in
the aux pointer structure.

Signed-off-by: default avatarVinayak Kariappa Chettimada <vich@nordicsemi.no>
parent ac851ca1

subsys/bluetooth/controller/ll_sw/nordic/lll/lll_scan_aux.c

+2 −1
Original line number Diff line number Diff line
@@ -170,7 +170,8 @@ uint8_t lll_scan_aux_setup(struct pdu_adv *pdu, uint8_t pdu_phy, 
	/* No need to scan further if no aux_ptr filled */

	aux_ptr = (void *)pri_dptr;

	if (unlikely(!pri_hdr->aux_ptr || !PDU_ADV_AUX_PTR_OFFSET_GET(aux_ptr) ||

		     (PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) > EXT_ADV_AUX_PHY_LE_CODED))) {

		     (PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) > EXT_ADV_AUX_PHY_LE_CODED) ||

		     (aux_ptr->chan_idx >= CHM_USED_COUNT_MAX))) {

		return 0;

	}

subsys/bluetooth/controller/ll_sw/pdu.h

+1 −0
Original line number Diff line number Diff line
@@ -210,6 +210,7 @@ 


/* Channel Map Unused channels count minimum */

#define CHM_USED_COUNT_MIN     2U

#define CHM_USED_COUNT_MAX     37U



/* Channel Map hop count minimum and maximum */

#define CHM_HOP_COUNT_MIN      5U

subsys/bluetooth/controller/ll_sw/ull_scan_aux.c

+6 −5
Original line number Diff line number Diff line
@@ -585,7 +585,8 @@ void ull_scan_aux_setup(memq_link_t *link, struct node_rx_pdu *rx) 
	if (!aux_ptr || !PDU_ADV_AUX_PTR_OFFSET_GET(aux_ptr) || is_scan_req ||

	    (PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) > EXT_ADV_AUX_PHY_LE_CODED) ||

	    (!IS_ENABLED(CONFIG_BT_CTLR_PHY_CODED) &&

		  PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) == EXT_ADV_AUX_PHY_LE_CODED)) {

	     PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) == EXT_ADV_AUX_PHY_LE_CODED) ||

	    (aux_ptr->chan_idx >= CHM_USED_COUNT_MAX)) {

		if (IS_ENABLED(CONFIG_BT_CTLR_SYNC_PERIODIC) && sync_lll) {

			struct ll_sync_set *sync_set;
@@ -1989,8 +1990,8 @@ void ull_scan_aux_setup(memq_link_t *link, struct node_rx_pdu *rx) 
	if (!aux_ptr || !PDU_ADV_AUX_PTR_OFFSET_GET(aux_ptr) || is_scan_req ||

	    (PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) > EXT_ADV_AUX_PHY_LE_CODED) ||

	    (!IS_ENABLED(CONFIG_BT_CTLR_PHY_CODED) &&

		  PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) == EXT_ADV_AUX_PHY_LE_CODED)) {



	     PDU_ADV_AUX_PTR_PHY_GET(aux_ptr) == EXT_ADV_AUX_PHY_LE_CODED) ||

	    (aux_ptr->chan_idx >= CHM_USED_COUNT_MAX)) {

		if (is_scan_req) {

			LL_ASSERT(chain && chain->rx_last);

CRA Git | Maintained and supported by SUSTech CRA and CCSE