Bluetooth: controller: Fix uninitialized ULL reference count

cvinayak · carlescufi · commit e395c6ce2c23 · 2021-04-19T10:26:38.000+02:00
Fix missing initialization of reference count in
ull_hdr_init function.

This has not caused issues so far, but when the ref member
of the struct ull_hdr if placed in the beginning of a
context that is allocated using mem_acquire function then
first few bytes used would make the ref member to have
uninitialized value when such context is allocated by
mem_acquire. First few bytes are the next pointer and free
count stored by the mem module.

The issue was discovered in subsequent commits that
restructure the ULL context structures.

Signed-off-by: Vinayak Kariappa Chettimada &lt;vich@nordicsemi.no&gt;
diff --git a/subsys/bluetooth/controller/ll_sw/ull_internal.h b/subsys/bluetooth/controller/ll_sw/ull_internal.h
@@ -27,6 +27,7 @@ static inline uint8_t ull_ref_dec(struct ull_hdr *hdr)
 
 static inline void ull_hdr_init(struct ull_hdr *hdr)
 {
+	hdr->ref = 0U;
 	hdr->disabled_cb = hdr->disabled_param = NULL;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ static inline uint8_t ull_ref_dec(struct ull_hdr *hdr)`
`27`	`27`
`28`	`28`	`static inline void ull_hdr_init(struct ull_hdr *hdr)`
`29`	`29`	`{`
	`30`	`+ hdr->ref = 0U;`
`30`	`31`	`hdr->disabled_cb = hdr->disabled_param = NULL;`
`31`	`32`	`}`
`32`	`33`