aed3 / PS4-esp32

Use a ps4 controller with an esp32

Send hid command memory leak and nullpointer reference #26

Open Mendrzec opened 2 years ago

Mendrzec commented 2 years ago

@Mendrzec today I checked the SendData example and I figured out that the send data function doesn't work. So I put the complete output for you:


19:38:56.609 -> mode:DIO, clock div:1
19:38:56.609 -> load:0x3fff0030,len:1240
19:38:56.609 -> load:0x40078000,len:13012
19:38:56.609 -> load:0x40080400,len:3648
19:38:56.643 -> entry 0x400805f8
19:38:57.646 -> I (726) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDC Initialized
19:38:57.646 -> I (727) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDI Initialized
19:38:57.646 -> RI (1769) PS4_SPP: ESP_SPP_INIT_EVT
19:38:57.646 -> eady.
19:39:04.599 -> I (8718) PS4_L2CAP: [ps4_l2cap_connect_ind_cback] bd_addr: ⸮⸮⸮b⸮
19:39:04.599 ->   l2cap_cid: 0x41
19:39:04.599 ->   psm: 17
19:39:04.599 ->   id: 4
19:39:04.599 -> I (8738) PS4_L2CAP: [ps4_l2cap_config_ind_cback] l2cap_cid: 0x41
19:39:04.632 ->   p_cfg->result: 0
19:39:04.632 ->   p_cfg->mtu_present: 1
19:39:04.632 ->   p_cfg->mtu: 672
19:39:04.632 -> I (8740) PS4_L2CAP: [ps4_l2cap_config_cfm_cback] l2cap_cid: 0x41
19:39:04.632 ->   p_cfg->result: 0
19:39:04.632 -> I (8748) PS4_L2CAP: [ps4_l2cap_connect_ind_cback] bd_addr: ⸮⸮⸮b⸮
19:39:04.632 ->   l2cap_cid: 0x40
19:39:04.632 ->   psm: 19
19:39:04.632 ->   id: 6
19:39:04.632 -> I (8764) PS4_L2CAP: [ps4_l2cap_config_ind_cback] l2cap_cid: 0x40
19:39:04.632 ->   p_cfg->result: 0
19:39:04.632 ->   p_cfg->mtu_present: 1
19:39:04.632 ->   p_cfg->mtu: 672
19:39:04.666 -> I (8768) PS4_L2CAP: [ps4_l2cap_config_cfm_cback] l2cap_cid: 0x40
19:39:04.666 ->   p_cfg->result: 0
19:39:04.666 -> I (8775) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.800 -> I (8920) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.800 -> I (8925) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.800 -> I (8935) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.836 -> I (8945) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.836 -> I (8955) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.836 -> I (8965) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.836 -> I (8975) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.869 -> I (8985) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.869 -> I (8995) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.869 -> I (9005) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.902 -> I (9015) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.902 -> I (9025) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.902 -> I (9035) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.902 -> I (9045) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.939 -> I (9055) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.939 -> I (9065) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.939 -> I (9075) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.972 -> I (9085) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.972 -> I (9095) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.972 -> I (9105) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:04.972 -> I (9115) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:05.006 -> I (9125) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
19:39:05.006 -> E (9135) PS4_L2CAP: [ps4_l2cap_send_hid] allocating buffer for sending the command failed
19:39:05.006 -> Guru Meditation Error: Core  1 panic'ed (StoreProhibited). Exception was unhandled.
19:39:05.040 -> 
19:39:05.040 -> Core  1 register dump:
19:39:05.040 -> PC      : 0x400d1fff  PS      : 0x00060730  A0      : 0x800d1bf7  A1      : 0x3ffcdec0  
19:39:05.040 -> A2      : 0x3ffcdefd  A3      : 0x0000004f  A4      : 0x00000000  A5      : 0x00000015  
19:39:05.040 -> A6      : 0x000000ea  A7      : 0x00000000  A8      : 0x800d1ffa  A9      : 0x3ffcde70  
19:39:05.040 -> A10     : 0x3ffcde70  A11     : 0x3f400140  A12     : 0x0000004f  A13     : 0x000023af  
19:39:05.073 -> A14     : 0x3f400140  A15     : 0x3f40046c  SAR     : 0x00000004  EXCCAUSE: 0x0000001d  
19:39:05.073 -> EXCVADDR: 0x00000002  LBEG    : 0x4008fcfd  LEND    : 0x4008fd0d  LCOUNT  : 0xfffffffb  
19:39:05.073 -> 
19:39:05.073 -> 
19:39:05.073 -> Backtrace:0x400d1ffc:0x3ffcdec00x400d1bf4:0x3ffcdee0 0x400d1c89:0x3ffcdf70 0x400d2831:0x3ffcdfa0 0x400d1b56:0x3ffcdfc0 0x400d3974:0x3ffcdfe0 
19:39:05.073 -> 
19:39:05.073 -> 
19:39:05.073 -> 
19:39:05.073 -> 
19:39:05.073 -> ELF file SHA256: 0000000000000000
19:39:05.073 -> 
19:39:05.073 -> Rebooting...
19:39:05.106 -> ets Jun  8 2016 00:22:57
19:39:05.106 -> 
19:39:05.106 -> rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
19:39:05.106 -> configsip: 0, SPIWP:0xee
19:39:05.106 -> clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
19:39:05.106 -> mode:DIO, clock div:1
19:39:05.106 -> load:0x3fff0030,len:1240
19:39:05.106 -> load:0x40078000,len:13012
19:39:05.106 -> load:0x40080400,len:3648
19:39:05.106 -> entry 0x400805f8
19:39:06.109 -> I (710) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDC Initialized
19:39:06.109 -> I (711) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDI Initialized
19:39:06.143 -> RI (1737) PS4_SPP: ESP_SPP_INIT_EVT
19:39:06.143 -> eady.

Anyway, I was trying to write another program, so I just sent the setLED command and I received just: PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success. Nothing else happened.

Originally posted by @JavadRah in https://github.com/aed3/PS4-esp32/pull/25#issuecomment-933639843

Mendrzec commented 2 years ago

p_buf is ~never freed and~ referenced even if it is nullptr: https://github.com/aed3/PS4-esp32/blob/03f82acd0986de949a00f52421221d709c3c3413/src/ps4_l2cap.c#L102 fyi @JavadRah

Mendrzec commented 2 years ago

Hi @JavadRah, I tried to reproduce the issue using the following script called every 50ms in a loop but had no luck so far:

        if (PS4.Down()) {
            PS4.setLed(123, 23, 45);
        } else {
            PS4.setLed(0, 80, 90);
        }

        PS4.sendToController();

It works perfectly for me.

  1. Could you apply the following change to https://github.com/aed3/PS4-esp32/blob/03f82acd0986de949a00f52421221d709c3c3413/src/ps4_l2cap.c#L104 and try again:

    BT_HDR *p_buf = NULL; //here
    
    p_buf = (BT_HDR *)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
    
    if (!p_buf) {
        ESP_LOGE(PS4_TAG, "[%s] allocating buffer for sending the command failed", __func__);
        return; //here
    }

  2. Could you share your source code?

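The early return suggested in the comment above, as an added example that is not part of the thread or the project's code. `hdr_t`, `test_malloc`, `send_cmd`, `run_burst` and the command bytes are hypothetical; the header layout is an assumption modelled on Bluedroid's `BT_HDR`, under which a store to `len` through a NULL pointer faults at address 2, consistent with the `EXCVADDR: 0x00000002` in the crash log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Header layout modelled on Bluedroid's BT_HDR (assumption, not copied from the repo). */
typedef struct {
    uint16_t event, len, offset, layer_specific;
    uint8_t  data[];
} hdr_t;

#define BUF_SIZE 64           /* stand-in for BT_DEFAULT_BUFFER_SIZE */
static int fail_on_call = 0;  /* test hook: which allocation attempt returns NULL */
static int alloc_calls  = 0;

/* Hypothetical allocator that can be told to fail, like a drained heap. */
static void *test_malloc(size_t n) {
    return (++alloc_calls == fail_on_call) ? NULL : malloc(n);
}

typedef enum { SEND_OK = 0, SEND_NO_MEM = -1, SEND_TOO_BIG = -2 } send_rc;

/* Address at which a store to p_buf->len faults when p_buf is NULL. */
size_t null_store_fault_addr(void) { return offsetof(hdr_t, len); }

/* Guarded send path: every failure returns before p_buf is dereferenced. */
send_rc send_cmd(const uint8_t *cmd, size_t cmd_len, uint8_t *wire, size_t *wire_len) {
    if (cmd_len > BUF_SIZE - sizeof(hdr_t)) return SEND_TOO_BIG;
    hdr_t *p_buf = test_malloc(BUF_SIZE);
    if (!p_buf) return SEND_NO_MEM;           /* log and return, never fall through */
    p_buf->len = (uint16_t)cmd_len;
    p_buf->offset = 0;
    memcpy(p_buf->data + p_buf->offset, cmd, cmd_len);
    memcpy(wire, p_buf->data, p_buf->len);    /* stand-in for handing the buffer to L2CAP */
    *wire_len = p_buf->len;
    free(p_buf);                              /* this model owns the buffer it allocated */
    return SEND_OK;
}

/* Send n commands while allocation attempt `fail_at` fails; return the number rejected. */
int run_burst(int n, int fail_at) {
    uint8_t cmd[8] = {1, 2, 3}, wire[BUF_SIZE]; /* constructed sample command bytes */
    size_t wl = 0; int rejected = 0;
    alloc_calls = 0; fail_on_call = fail_at;
    for (int i = 0; i < n; i++)
        if (send_cmd(cmd, sizeof cmd, wire, &wl) != SEND_OK) rejected++;
    return rejected;
}
```

Returning a status instead of `void` lets the caller count or back off on `SEND_NO_MEM` rather than only seeing a log line.
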
AhmadAkbari82 commented 2 years ago

Hi @Mendrzec! I wanted to use an I2C module with this library and found some strange bugs. When I turn on the controller and it pairs, I2C can no longer be used and it works in pieces and ESP32 hangs. Otherwise everything works fine when the Controller is not connected.

JavadRah commented 2 years ago

> Hi @JavadRah, I tried to reproduce the issue using following script called every 50ms in a loop but had no luck so far:
>
>       if (PS4.Down()) {
>           PS4.setLed(123, 23, 45);
>       } else {
>           PS4.setLed(0, 80, 90);
>       }
>
>       PS4.sendToController();
>
> It works perfectly for me.
>
>   1. Could you apply following change to https://github.com/aed3/PS4-esp32/blob/03f82acd0986de949a00f52421221d709c3c3413/src/ps4_l2cap.c#L104 and try again:
>
>     BT_HDR *p_buf = NULL; //here
>
>     p_buf = (BT_HDR *)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
>
>     if (!p_buf) {
>         ESP_LOGE(PS4_TAG, "[%s] allocating buffer for sending the command failed", __func__);
>         return; //here
>     }
>
>   2. Could you share your source code?

Hi, sorry for the delay in reply. I used the PS4SendData example with your suggested edit, here is the log:

I (681) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDC Initialized
I (681) PS4_L2CAP: [ps4_l2cap_init_service] Service PS4-HIDI Initialized
RI (1677) PS4_SPP: ESP_SPP_INIT_EVT
eady.
I (66299) PS4_L2CAP: [ps4_l2cap_connect_ind_cback] bd_addr: ⸮⸮⸮b⸮
  l2cap_cid: 0x41
  psm: 17
  id: 4
I (66319) PS4_L2CAP: [ps4_l2cap_config_ind_cback] l2cap_cid: 0x41
  p_cfg->result: 0
  p_cfg->mtu_present: 1
  p_cfg->mtu: 672
I (66321) PS4_L2CAP: [ps4_l2cap_config_cfm_cback] l2cap_cid: 0x41
  p_cfg->result: 0
I (66329) PS4_L2CAP: [ps4_l2cap_connect_ind_cback] bd_addr: ⸮⸮⸮b⸮
  l2cap_cid: 0x40
  psm: 19
  id: 6
I (66346) PS4_L2CAP: [ps4_l2cap_config_ind_cback] l2cap_cid: 0x40
  p_cfg->result: 0
  p_cfg->mtu_present: 1
  p_cfg->mtu: 672
I (66350) PS4_L2CAP: [ps4_l2cap_config_cfm_cback] l2cap_cid: 0x40
  p_cfg->result: 0
I (66357) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66482) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66483) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66493) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66503) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66513) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66523) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66533) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66543) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66553) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66563) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66573) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66583) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66593) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66603) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66613) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66623) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66633) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66643) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66653) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66663) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66673) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66683) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66693) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66703) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66713) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66723) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66733) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
E (66743) PS4_L2CAP: [ps4_l2cap_send_hid] allocating buffer for sending the command failed
I (66753) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66763) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66773) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66783) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66793) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66803) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: success
I (66813) PS4_L2CAP: [ps4_l2cap_congest_cback] l2cap_cid: 0x41
  congested: 1
W (66813) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: congested
E (66825) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed
E (66835) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed
E (66845) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed
E (66855) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed
E (66865) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed
E (66875) PS4_L2CAP: [ps4_l2cap_send_hid] sending command: failed