From 029540abece01361f52025534594a0b333cf0afd Mon Sep 17 00:00:00 2001 From: Yago Fontoura do Rosario Date: Tue, 10 Sep 2024 16:02:24 +0200 Subject: [PATCH] Bluetooth: Controller: Handle overlapping buffers on ull_adv{.c,_aux.c} * Setting the adv data, scan rsp and adv aux ad data can happen on overlapping buffers * There can be other memcpy's that need to be changed to memmove but these are the only ones I could reproduce the issue and since memmove has a performance penalty, I left the others as is. Signed-off-by: Yago Fontoura do Rosario --- subsys/bluetooth/controller/ll_sw/ull_adv.c | 4 ++-- subsys/bluetooth/controller/ll_sw/ull_adv_aux.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/subsys/bluetooth/controller/ll_sw/ull_adv.c b/subsys/bluetooth/controller/ll_sw/ull_adv.c index 32443b6efacc04..c0f2f86bb2ac5f 100644 --- a/subsys/bluetooth/controller/ll_sw/ull_adv.c +++ b/subsys/bluetooth/controller/ll_sw/ull_adv.c @@ -1870,7 +1870,7 @@ uint8_t ull_adv_data_set(struct ll_adv_set *adv, uint8_t len, pdu->tx_addr = prev->tx_addr; pdu->rx_addr = prev->rx_addr; - memcpy(&pdu->adv_ind.addr[0], &prev->adv_ind.addr[0], BDADDR_SIZE); + memmove(&pdu->adv_ind.addr[0], &prev->adv_ind.addr[0], BDADDR_SIZE); memcpy(&pdu->adv_ind.data[0], data, len); pdu->len = BDADDR_SIZE + len; @@ -1926,7 +1926,7 @@ uint8_t ull_scan_rsp_set(struct ll_adv_set *adv, uint8_t len, pdu->tx_addr = prev->tx_addr; pdu->rx_addr = 0; pdu->len = BDADDR_SIZE + len; - memcpy(&pdu->scan_rsp.addr[0], &prev->scan_rsp.addr[0], BDADDR_SIZE); + memmove(&pdu->scan_rsp.addr[0], &prev->scan_rsp.addr[0], BDADDR_SIZE); memcpy(&pdu->scan_rsp.data[0], data, len); /* Update time reservation */ diff --git a/subsys/bluetooth/controller/ll_sw/ull_adv_aux.c b/subsys/bluetooth/controller/ll_sw/ull_adv_aux.c index 482239a617a4a0..7478bf7332be72 100644 --- a/subsys/bluetooth/controller/ll_sw/ull_adv_aux.c +++ b/subsys/bluetooth/controller/ll_sw/ull_adv_aux.c @@ -2020,7 +2020,7 @@ uint8_t ull_adv_aux_hdr_set_clear(struct ll_adv_set *adv, sec_dptr -= BDADDR_SIZE; - (void)memcpy(sec_dptr, bdaddr, BDADDR_SIZE); + (void)memmove(sec_dptr, bdaddr, BDADDR_SIZE); } /* Set the common extended header format flags in the current primary