Hello,
I am using the KW40Z in the GAP Central role to scan and connect to other BLE devices. Occasionally, a HardFault will be triggered while processing scan requests. I've managed to trace the issue back to a potential null-pointer dereference in "hciLeCallback" from "gap_hci_cb.o" in "ble_host_central_lib.a" within Connectivity Software 1.0.1.
The disassembly for this function is shown below. There is a conditional breakpoint on address 0x1875C right after the call to "MEM_BufferAlloc". Notice that there is no check to verify that "MEM_BufferAlloc" did not return NULL, unlike the previous call to "MEM_BufferAlloc" earlier in the function (starting at address 0x18736, the "MOVS" followed by the "BEQ.N").
Ultimately, the HardFault occurs within the call to "FLib_MemCpy" at address 0x1877C where we end up trying to write to address 0. A snapshot of this condition is shown below (destination in R0, source in R1). There are a few reads and writes that occur between the call to "MEM_BufferAlloc" and "FLib_MemCpy" that I haven't fully decoded, but they don't seem to help us avoid writing to address 0.
I suspect I can increase the heap size to avoid running into this situation, but it doesn't fix the underlying cause. Is there a planned update to the Connectivity Software that happens to address this issue?
Thanks,
Ben
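As an added illustration of the pattern described above (this is example code, not from NXP's Connectivity Software): a small fixed-size pool stands in for MEM_BufferAlloc, and a copy helper stands in for FLib_MemCpy. The unchecked form mirrors what the disassembly shows, where an allocation failure becomes a write to address 0; the checked form adds the NULL guard that the first allocation in the same function already has and reports the failure to the caller instead. All function names and the pool sizes are hypothetical.

```c
/* Added example, not NXP library code. demo_buffer_alloc is a hypothetical
 * stand-in for MEM_BufferAlloc; memcpy stands in for FLib_MemCpy. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define POOL_BLOCKS 4
#define BLOCK_SIZE 32

static uint8_t pool[POOL_BLOCKS][BLOCK_SIZE];
static int pool_used[POOL_BLOCKS];

/* Returns NULL when the pool is exhausted or the request does not fit a
 * block: the case the second MEM_BufferAlloc call in the post never checks. */
void *demo_buffer_alloc(size_t len)
{
    if (len > BLOCK_SIZE) return NULL;
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (!pool_used[i]) { pool_used[i] = 1; return pool[i]; }
    }
    return NULL;
}

void demo_buffer_free(void *p)
{
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (pool[i] == p) { pool_used[i] = 0; return; }
    }
}

/* Pattern as described in the post: the allocation result goes straight into
 * the copy. With a NULL result this writes to address 0, which on Cortex-M
 * raises a HardFault. Kept only for contrast; never call it with an empty pool. */
uint8_t *copy_unchecked(const uint8_t *src, size_t len)
{
    uint8_t *dst = demo_buffer_alloc(len);
    memcpy(dst, src, len);  /* dst may be NULL here */
    return dst;
}

/* Hardened form: test the allocation before use, the same MOVS/BEQ.N style
 * guard the post saw after the first MEM_BufferAlloc, and return a status so
 * the caller can drop the event instead of faulting. */
int copy_checked(const uint8_t *src, size_t len, uint8_t **out)
{
    *out = NULL;
    uint8_t *dst = demo_buffer_alloc(len);
    if (dst == NULL) {
        return -1;  /* out of pool memory */
    }
    memcpy(dst, src, len);
    *out = dst;
    return 0;
}

/* Fills the pool, attempts one more copy, and returns how many copies
 * failed. With POOL_BLOCKS buffers held, exactly the extra one fails. */
int demo_exhaust_and_copy(void)
{
    /* constructed sample payload, stands in for a scan-response fragment */
    static const uint8_t sample[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    uint8_t *held[POOL_BLOCKS];
    uint8_t *extra = NULL;
    int failures = 0;

    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (copy_checked(sample, sizeof sample, &held[i]) != 0) failures++;
    }
    if (copy_checked(sample, sizeof sample, &extra) != 0) failures++;

    for (int i = 0; i < POOL_BLOCKS; i++) demo_buffer_free(held[i]);
    return failures;
}

int main(void)
{
    printf("failed copies with pool exhausted: %d\n", demo_exhaust_and_copy());
    return 0;
}
```

Raising the heap size, as in the thread, only makes the NULL return rarer; the check in copy_checked is what removes the fault regardless of pool size.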
Hi Ben Pratt
Thanks for your feedback, I will verify this information and tell the people that take care of this. Your issue seems to be an improvement, so it should be in the next release, but it may take time to be released.
Best Regards
Jorge Alcala
Hi Jorge,
Thanks for the acknowledgement. Increasing the heap size did allow us to avoid the situation. Looking forward to the next release.
Thanks,
Ben