fix(bt/bluedroid): Fix some bugs in PBAP client

esp-lrh · esp-lrh · commit 42ddce477f70 · 2025-01-23T16:28:43.000+08:00
- Supported feature not set correctly
- Array access out of bounds issue
- Type conversion warning
diff --git a/components/bt/host/bluedroid/bta/pba/bta_pba_client_act.c b/components/bt/host/bluedroid/bta/pba/bta_pba_client_act.c
@@ -334,22 +334,22 @@ static void goep_event_callback(UINT16 handle, UINT8 event, tGOEPC_MSG *p_msg)
     switch (event)
     {
     case GOEPC_OPENED_EVT:
-        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_CONNECT));
+        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
         assert(p_data != NULL);
         p_data->goep_connect.hdr.event = BTA_PBA_CLIENT_GOEP_CONNECT_EVT;
         p_data->goep_connect.hdr.layer_specific = handle;
         p_data->goep_connect.our_mtu = p_msg->opened.our_mtu;
         p_data->goep_connect.peer_mtu = p_msg->opened.peer_mtu;
         break;
     case GOEPC_CLOSED_EVT:
-        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_DISCONNECT));
+        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
         assert(p_data != NULL);
         p_data->goep_disconnect.hdr.event = BTA_PBA_CLIENT_GOEP_DISCONNECT_EVT;
         p_data->goep_disconnect.hdr.layer_specific = handle;
         p_data->goep_disconnect.reason = p_msg->closed.reason;
         break;
     case GOEPC_RESPONSE_EVT:
-        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_GOEP_RESPONSE));
+        p_data = (tBTA_PBA_CLIENT_DATA *)osi_malloc(sizeof(tBTA_PBA_CLIENT_DATA));
         assert(p_data != NULL);
         p_data->goep_response.hdr.layer_specific = handle;
         p_data->goep_response.pkt = p_msg->response.pkt;
diff --git a/components/bt/host/bluedroid/bta/pba/bta_pba_client_api.c b/components/bt/host/bluedroid/bta/pba/bta_pba_client_api.c
@@ -80,6 +80,7 @@ void BTA_PbaClientOpen(BD_ADDR bd_addr, tBTA_SEC sec_mask, UINT32 supported_feat
     if ((p_buf = (tBTA_PBA_CLIENT_API_OPEN *)osi_malloc(sizeof(tBTA_PBA_CLIENT_API_OPEN))) != NULL) {
         p_buf->hdr.event = BTA_PBA_CLIENT_API_OPEN_EVT;
         p_buf->sec_mask = sec_mask;
+        p_buf->supported_feat = supported_feat;
         p_buf->mtu = mtu;
         bdcpy(p_buf->bd_addr, bd_addr);
         bta_sys_sendmsg(p_buf);
diff --git a/components/bt/host/bluedroid/bta/pba/bta_pba_client_sdp.c b/components/bt/host/bluedroid/bta/pba/bta_pba_client_sdp.c
@@ -214,8 +214,8 @@ BOOLEAN bta_pba_client_do_disc(tBTA_PBA_CLIENT_CCB *p_ccb)
 {
     tSDP_UUID       uuid_list[1];
     UINT16          num_uuid = 1;
-    UINT16          attr_list[4];
-    UINT8           num_attr;
+    UINT16          attr_list[6];
+    UINT8           num_attr = 6;
     BOOLEAN         db_inited = FALSE;
 
     /* get proto list and features */
@@ -225,7 +225,6 @@ BOOLEAN bta_pba_client_do_disc(tBTA_PBA_CLIENT_CCB *p_ccb)
     attr_list[3] = ATTR_ID_GOEP_L2CAP_PSM;
     attr_list[4] = ATTR_ID_SUPPORTED_REPOSITORIES;
     attr_list[5] = ATTR_ID_PBAP_SUPPORTED_FEATURES;
-    num_attr = 6;
     uuid_list[0].uu.uuid16 = UUID_SERVCLASS_PBAP_PSE;
     uuid_list[0].len = LEN_UUID_16;
 
