From 050e79ec4268655b4ffcbf9970e8753dec632a23 Mon Sep 17 00:00:00 2001 From: Jordan Yates Date: Thu, 6 Feb 2025 09:35:56 +1000 Subject: [PATCH 1/2] bluetooth: host: hci_core: add missing `NULL` check Add check that the command buffer claimed in `bt_le_create_conn_cancel` is not `NULL`. Fixes a fault caused by providing the `NULL` buffer to `bt_hci_cmd_state_set_init`. Signed-off-by: Jordan Yates --- subsys/bluetooth/host/hci_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/subsys/bluetooth/host/hci_core.c b/subsys/bluetooth/host/hci_core.c index 734abeb26a1c2..b785650ad9c52 100644 --- a/subsys/bluetooth/host/hci_core.c +++ b/subsys/bluetooth/host/hci_core.c @@ -858,6 +858,9 @@ int bt_le_create_conn_cancel(void) struct bt_hci_cmd_state_set state; buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0); + if (!buf) { + return -ENOBUFS; + } bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, false); From 7cddd47c3f63822f63c798445b70d0183e376a7c Mon Sep 17 00:00:00 2001 From: Jordan Yates Date: Thu, 6 Feb 2025 22:02:09 +1000 Subject: [PATCH 2/2] bluetooth: increment `BT_BUF_CMD_TX_COUNT` The extended advertising start procedure can consume both command buffers in a single API call, resulting in `bt_le_create_conn_cancel` being unable to claim a buffer to terminate the connection request. Increase the command count if both extended advertising and Bluetooth central are enabled in an application. Signed-off-by: Jordan Yates --- subsys/bluetooth/common/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/subsys/bluetooth/common/Kconfig b/subsys/bluetooth/common/Kconfig index 125521f68a32f..fe934cb67873f 100644 --- a/subsys/bluetooth/common/Kconfig +++ b/subsys/bluetooth/common/Kconfig @@ -172,6 +172,7 @@ config BT_BUF_CMD_TX_SIZE config BT_BUF_CMD_TX_COUNT int "Number of HCI command buffers" + default 3 if BT_EXT_ADV && BT_CENTRAL default 2 range 2 64 help
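Review bot: The early return added after `bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0)` in `bt_le_create_conn_cancel` fails silently from the caller's point of view unless every caller checks for `-ENOBUFS`. On this path no cancel command is sent and the `bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags, BT_DEV_INITIATING, false)` setup is skipped, so the connection attempt stays pending. Please confirm that the call sites handle a non-zero return (retry or propagate the error), and consider logging the buffer exhaustion here, since a cancel that cannot be issued is worth surfacing. A short comment on the new branch noting that the pool can be empty at this point would also help future readers.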
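Review bot: The new `default 3 if BT_EXT_ADV && BT_CENTRAL` line in `config BT_BUF_CMD_TX_COUNT` only changes the default, while `range 2 64` still accepts 2. An application that sets the count to 2 explicitly with both options enabled keeps the exhaustion described in the commit message. Either state the requirement in the `help` text (extended advertising start can take two command buffers in one API call, so a central needs a third to cancel a connection request) or make the lower bound of the range conditional on the same expression. The reason for the value 3 is currently recorded only in the commit message, so a one-line note in the help text would keep it next to the option.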