[
https://issues.apache.org/jira/browse/MYNEWT-702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15961266#comment-15961266
]
ASF subversion and git services commented on MYNEWT-702:
--------------------------------------------------------
Commit afa6d53254cbf444a3f44cc1851f0b038227edb6 in incubator-mynewt-core's
branch refs/heads/master from [~ccollins476]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-mynewt-core.git;h=afa6d53
]
Merge remote-tracking branch 'apache/develop'
* apache/develop: (136 commits)
Close a dangling pull request (#217).
net/ip/mn_socket; fix a typo in address conversion with v6.
sys/reboot; if fcb_init() sees data it does not recognize in the flash area
allocated to it, erase that area.
MYNEWT-713 Sysinit: nimble controller crashes
MYNEWT-712 Syscfg: Fix float_user to have syscfg
Fix project name case to match filename
Add uncrustify style for mynewt
MYNEWT-711 testbench - Enable split setup.
MYNEWT-711 testbench - Add BLE peripheral support
MYNEWT-711 testbench - Add BLE peripheral support
MYNEWT-709 nffs - Occasional unit test failures
nmgr_os; reduce the chance of triggering watchdog during reboot by tickling
it just before doing managed reset.
MYNEWT-709 nffs - Occasional unit test failures
No jira ticket: fix uninitialized local variable.
No jira ticket: get native ble building.
No jira ticket. Remove unused header file bsp.h
MYNEWT-707: Add API to retrieve public and random static address
native/hal_uart.c; break out of tx loop in poller if nothing to transmit.
net/oic; fix compilation errors with clang.
MYNEWT-702 dbg: Erase mempool entries during free.
...
> BLE Host - duplicate connection update entries
> ----------------------------------------------
>
> Key: MYNEWT-702
> URL: https://issues.apache.org/jira/browse/MYNEWT-702
> Project: Mynewt
> Issue Type: Bug
> Reporter: Christopher Collins
> Assignee: Christopher Collins
> Fix For: v1_1_0_rel
>
>
> If the application calls ble_gap_update_params() while an update connection
> procedure for that connection is already in progress, the existing entry gets
> re-inserted in the ble_gap_update_entries list. This yields a cycle in the
> list, causing the host task to loop endlessly during iteration.
> More details:
> # Host initiates a connection update procedure; creates an entry and inserts
> it into the list (ble_gap_update_entries).
> # Host attempts to initiate a second connection update procedure for the same
> connection. Since an existing update procedure is ongoing, this attempt
> fails with a status code of BLE_HS_EALREADY.
> # On detecting the error, the ble_gap_update_params() function tries to clean
> up (goto done). Part of this cleanup involves freeing the update entry that
> got allocated earlier in the function but never got inserted into the list.
> In this case, no entry was allocated, but it looks like one was, because the
> entry pointer was used to detect a duplicate entry. Consequently, the entry
> is freed but never removed from the list!
> # The host initiates a third connection update procedure for the same
> connection. This time, no duplicate is detected because the entry in the
> list got corrupted when it was freed, making its connection handle value
> indeterminate. The host allocates the same entry from the pool, populates
> it, and inserts it into the list. Now the same entry is in the list twice,
> creating a cycle. When the host iterates this list, it loops forever.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
