https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625516#M37511 <HTML><HEAD></HEAD><BODY><P>Hi Ben Pratt</P><P></P><P>Thanks for your feedback, I will verify this information and tell to the people that take care of this. Your issue seams to be a improvement, so it should be in the next release, but it may take time to be released.</P><P></P><P>Best Regards</P><P>Jorge Alcala</P></BODY></HTML> Mon, 27 Mar 2017 18:57:41 GMT jorge_a_vazquez 2017-03-27T18:57:41Z https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625515#M37510 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I am using the KW40Z in the&nbsp;GAP Central role to scan and connect to other BLE devices. Occasionally, a HardFault will be triggered while processing scan requests. I've managed to trace the issue back to a potential null-pointer dereference in "hciLeCallback" from "gap_hci_cb.o" in "ble_host_central_lib.a" within Connectivity Software 1.0.1.</P><P></P><P>The disassembly for this function is shown below. There is a conditional breakpoint on address 0x1875C right after the call to "MEM_BufferAlloc". <STRONG>Notice that there is no check to verify that "MEM_BufferAlloc" did not return NULL</STRONG>, unlike the previous call to "MEM_BufferAlloc" earlier in the function (starting at address 0x18736, the "MOVS" followed by the "BEQ.N").</P><P></P><P><span class="lia-inline-image-display-wrapper" image-alt="pastedImage_1.png"><img src="https://community.nxp.com/t5/image/serverpage/image-id/15023iE5261768376AE5FA/image-size/large?v=v2&amp;px=999" role="button" title="pastedImage_1.png" alt="pastedImage_1.png" /></span></P><P></P><P>Ultimately, the HardFault occurs within the call to "FLib_MemCpy" at address 0x1877C where we end up trying to write to address 0. A snapshot of this condition is shown below (destination in R0, source in R1). There are a few reads and writes that occur between the call to "MEM_BufferAlloc" and "FLib_MemCpy"&nbsp;that I haven't fully decoded, but they don't seem to help us avoid writing to address 0.</P><P></P><P><span class="lia-inline-image-display-wrapper" image-alt="pastedImage_5.png"><img src="https://community.nxp.com/t5/image/serverpage/image-id/15105i70852D510B2982AD/image-size/large?v=v2&amp;px=999" role="button" title="pastedImage_5.png" alt="pastedImage_5.png" /></span></P><P></P><P>I suspect I can increase the heap size to avoid running into this situation, but it doesn't fix the underlying cause. Is there a planned update to the Connectivity Software that happens to address this issue?</P><P></P><P>Thanks,</P><P>Ben</P></BODY></HTML> Mon, 06 Mar 2017 17:40:48 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625515#M37510 bpratt 2017-03-06T17:40:48Z https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625516#M37511 <HTML><HEAD></HEAD><BODY><P>Hi Ben Pratt</P><P></P><P>Thanks for your feedback, I will verify this information and tell to the people that take care of this. Your issue seams to be a improvement, so it should be in the next release, but it may take time to be released.</P><P></P><P>Best Regards</P><P>Jorge Alcala</P></BODY></HTML> Mon, 27 Mar 2017 18:57:41 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625516#M37511 jorge_a_vazquez 2017-03-27T18:57:41Z https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625517#M37512 <HTML><HEAD></HEAD><BODY><P>Hi Jorge,&nbsp;</P><P></P><P>Thanks for the acknowledgement. Increasing the heap size did allow us to avoid the situation. Looking forward to the next release.</P><P></P><P>Thanks,</P><P>Ben</P></BODY></HTML> Tue, 04 Apr 2017 17:11:32 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/KW40Z-HardFault-in-hciLeCallback/m-p/625517#M37512 bpratt 2017-04-04T17:11:32Z