From 861b8169650f8612928ce48acb27d2d59e092285 Mon Sep 17 00:00:00 2001 From: Zhou Xiao Date: Thu, 15 Jan 2026 19:13:24 +0800 Subject: [PATCH] fix(ble): fixed use-after-free in bluedroid attp (cherry picked from commit 78594e0f6eb95b18bf28a38493245bdb0213f542) Co-authored-by: Zhou Xiao --- components/bt/host/bluedroid/stack/gatt/att_protocol.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/stack/gatt/att_protocol.c b/components/bt/host/bluedroid/stack/gatt/att_protocol.c index c16967c6ef..f2654f1a15 100644 --- a/components/bt/host/bluedroid/stack/gatt/att_protocol.c +++ b/components/bt/host/bluedroid/stack/gatt/att_protocol.c @@ -395,8 +395,7 @@ tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB *p_tcb, BT_HDR *p_toL2CAP) } if (l2cap_ret == L2CAP_DW_FAILED) { - GATT_TRACE_DEBUG("ATT failed to pass msg:0x%0x to L2CAP", - *((UINT8 *)(p_toL2CAP + 1) + p_toL2CAP->offset)); + GATT_TRACE_DEBUG("ATT failed to pass msg to L2CAP"); return GATT_INTERNAL_ERROR; } else if (l2cap_ret == L2CAP_DW_CONGESTED) { GATT_TRACE_DEBUG("ATT congested, message accepted");