Skip to content
Browse files

Bluetooth: controller: Fix pdu being overwritten while in use

The node_rx buffer for the connect ind buffer is being reused to send
connection complete event, make sure all data is backed up before
reusing the buffer.

Signed-off-by: Joakim Andersson <>
Signed-off-by: Vinayak Kariappa Chettimada <>
  • Loading branch information...
joerchan authored and nashif committed May 15, 2019
1 parent 65b3f17 commit 6db47769808fb079ade3dd10422b15e37f95c372
Showing with 14 additions and 6 deletions.
  1. +14 −6 subsys/bluetooth/controller/ll_sw/ull_master.c
@@ -431,17 +431,26 @@ void ull_master_setup(memq_link_t *link, struct node_rx_hdr *rx,
conn = lll->hdr.parent;

pdu = (void *)((struct node_rx_pdu *)rx)->pdu;

u8_t own_addr_type = pdu->tx_addr;
u8_t own_addr[BDADDR_SIZE];
u8_t peer_addr[BDADDR_SIZE];
u8_t rl_idx;

memcpy(own_addr, &pdu->connect_ind.init_addr[0], BDADDR_SIZE);
memcpy(peer_addr, &pdu->connect_ind.adv_addr[0], BDADDR_SIZE);

chan_sel = pdu->chan_sel;

cc = (void *)pdu;
cc->status = 0U;
cc->role = 0U;

u8_t rl_idx;

cc->own_addr_type = pdu->tx_addr;
memcpy(&cc->own_addr[0], &pdu->connect_ind.init_addr[0], BDADDR_SIZE);
cc->own_addr_type = own_addr_type;
memcpy(&cc->own_addr[0], &own_addr[0], BDADDR_SIZE);

rl_idx = *((u8_t *)ftr->extra);
@@ -458,8 +467,7 @@ void ull_master_setup(memq_link_t *link, struct node_rx_hdr *rx,
cc->peer_addr_type += 2;

/* Store peer RPA */
memcpy(&cc->peer_rpa[0], &pdu->connect_ind.adv_addr[0],
memcpy(&cc->peer_rpa[0], &peer_addr[0], BDADDR_SIZE);
} else {
memset(&cc->peer_rpa[0], 0x0, BDADDR_SIZE);

0 comments on commit 6db4776

Please sign in to comment.
You can’t perform that action at this time.