blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 01:29:21 -04:00
Code Issues Projects Releases Wiki Activity

Merge branch 'bugfix/stack_corruption_btm_task_v5.2' into 'release/v5.2'

Browse Source 
fix(esp_wifi): Fix stack curruption in btm task (v5.2)

See merge request espressif/esp-idf!36971
This commit is contained in:
Jiang Jiang Jian 2025-02-14 19:02:20 +08:00
commit beb054baad
1 changed files with 7 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
components/wpa_supplicant/esp_supplicant/src/esp_common.c
View File

@ -116,7 +116,7 @@ static int mgmt_rx_action(u8 *frame, size_t len, u8 *sender, int8_t rssi, u8 cha
#ifdef CONFIG_SUPPLICANT_TASK
static void btm_rrm_task(void *pvParameters)
{
supplicant_event_t *evt;
supplicant_event_t evt;
bool task_del = false;
while(1) {
@ -124,15 +124,14 @@ static void btm_rrm_task(void *pvParameters)
continue;
/* event validation failed */
if (evt->id >= SIG_SUPPLICANT_MAX) {
os_free(evt);
if (evt.id >= SIG_SUPPLICANT_MAX) {
continue;
}
switch (evt->id) {
switch (evt.id) {
case SIG_SUPPLICANT_RX_ACTION:
{
struct ieee_mgmt_frame *frm = (struct ieee_mgmt_frame *)evt->data;
struct ieee_mgmt_frame *frm = (struct ieee_mgmt_frame *)evt.data;
mgmt_rx_action(frm->payload, frm->len, frm->sender, frm->rssi, frm->channel);
os_free(frm);
break;
@ -148,8 +147,6 @@ static void btm_rrm_task(void *pvParameters)
break;
}
os_free(evt);
if (task_del)
break;
}
@ -816,13 +813,9 @@ cleanup:
#ifdef CONFIG_SUPPLICANT_TASK
int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data)
{
supplicant_event_t *evt = os_zalloc(sizeof(supplicant_event_t));
if (!evt) {
wpa_printf(MSG_ERROR, "Failed to allocated memory");
return -1;
}
evt->id = evt_id;
evt->data = data;
supplicant_event_t evt;
evt.id = evt_id;
evt.data = data;
/* Make sure lock exists before taking it */
SUPPLICANT_API_LOCK();
@ -830,13 +823,11 @@ int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data)
/* Make sure no event can be sent when deletion event is sent or task not initialized */
if (!s_supplicant_task_init_done) {
SUPPLICANT_API_UNLOCK();
os_free(evt);
return -1;
}
if (os_queue_send(s_supplicant_evt_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
SUPPLICANT_API_UNLOCK();
os_free(evt);
return -1;
}
if (evt_id == SIG_SUPPLICANT_DEL_TASK) {