BLE: Fix incorrect index used to access attsCb.prepWriteQueue in Cordio

pan- · pan- · commit 542b725545da · 2020-10-19T17:21:49.000+01:00
The connection id starts at the value 1. The entry accessed in the array should be connId - 1
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
@@ -366,7 +366,7 @@ void attsClearPrepWrites(attsCcb_t *pCcb)
 {
   void *pBuf;
 
-  while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
+  while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
   {
     WsfBufFree(pBuf);
   }
diff --git a/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c b/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
@@ -265,7 +265,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
     err = ATT_ERR_LENGTH;
   }
   /* verify prepare write queue limit not reached */
-  else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId]) >= pAttCfg->numPrepWrites)
+  else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId - 1]) >= pAttCfg->numPrepWrites)
   {
     err = ATT_ERR_QUEUE_FULL;
   }
@@ -288,7 +288,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
     pPrep->handle = handle;
     pPrep->offset = offset;
     memcpy(pPrep->packet, pPacket, writeLen);
-    WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId], pPrep);
+    WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId - 1], pPrep);
 
     /* allocate response buffer */
     if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL)
@@ -342,7 +342,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
   else if (*pPacket == ATT_EXEC_WRITE_ALL)
   {
     /* iterate over prepare write queue and verify offset and length */
-    for (pPrep = attsCb.prepWriteQueue[pCcb->connId].pHead; pPrep != NULL; pPrep = pPrep->pNext)
+    for (pPrep = attsCb.prepWriteQueue[pCcb->connId - 1].pHead; pPrep != NULL; pPrep = pPrep->pNext)
     {
       /* find attribute */
       if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL)
@@ -371,7 +371,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
     if (err == ATT_SUCCESS)
     {
       /* for each buffer */
-      while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
+      while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
       {
         /* write buffer */
         if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS)

Original file line number	Diff line number	Diff line change
`@@ -366,7 +366,7 @@ void attsClearPrepWrites(attsCcb_t *pCcb)`
`366`	`366`	`{`
`367`	`367`	`void *pBuf;`
`368`	`368`
`369`		`- while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)`
	`369`	`+ while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)`
`370`	`370`	`{`
`371`	`371`	`WsfBufFree(pBuf);`
`372`	`372`	`}`
Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ void attsProcPrepWriteReq(attsCcb_t pCcb, uint16_t len, uint8_t pPacket)`
`265`	`265`	`err = ATT_ERR_LENGTH;`
`266`	`266`	`}`
`267`	`267`	`/* verify prepare write queue limit not reached */`
`268`		`- else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId]) >= pAttCfg->numPrepWrites)`
	`268`	`+ else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId - 1]) >= pAttCfg->numPrepWrites)`
`269`	`269`	`{`
`270`	`270`	`err = ATT_ERR_QUEUE_FULL;`
`271`	`271`	`}`
`@@ -288,7 +288,7 @@ void attsProcPrepWriteReq(attsCcb_t pCcb, uint16_t len, uint8_t pPacket)`
`288`	`288`	`pPrep->handle = handle;`
`289`	`289`	`pPrep->offset = offset;`
`290`	`290`	`memcpy(pPrep->packet, pPacket, writeLen);`
`291`		`- WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId], pPrep);`
	`291`	`+ WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId - 1], pPrep);`
`292`	`292`
`293`	`293`	`/* allocate response buffer */`
`294`	`294`	`if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL)`
`@@ -342,7 +342,7 @@ void attsProcExecWriteReq(attsCcb_t pCcb, uint16_t len, uint8_t pPacket)`
`342`	`342`	`else if (*pPacket == ATT_EXEC_WRITE_ALL)`
`343`	`343`	`{`
`344`	`344`	`/* iterate over prepare write queue and verify offset and length */`
`345`		`- for (pPrep = attsCb.prepWriteQueue[pCcb->connId].pHead; pPrep != NULL; pPrep = pPrep->pNext)`
	`345`	`+ for (pPrep = attsCb.prepWriteQueue[pCcb->connId - 1].pHead; pPrep != NULL; pPrep = pPrep->pNext)`
`346`	`346`	`{`
`347`	`347`	`/* find attribute */`
`348`	`348`	`if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL)`
`@@ -371,7 +371,7 @@ void attsProcExecWriteReq(attsCcb_t pCcb, uint16_t len, uint8_t pPacket)`
`371`	`371`	`if (err == ATT_SUCCESS)`
`372`	`372`	`{`
`373`	`373`	`/* for each buffer */`
`374`		`- while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)`
	`374`	`+ while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)`
`375`	`375`	`{`
`376`	`376`	`/* write buffer */`
`377`	`377`	`if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS)`