NimBLE::deinit crash when a characteristic have a descriptor

Only crash when I add a descriptor, as soon as descriptor is commented out, deinit works perfectly.

It crash with following error:

CORRUPT HEAP: Bad head at 0x3ffcee10. Expected 0xabba1234 got 0x3ffced8c

assert failed: multi_heap_free multi_heap_poisoning.c:253 (head != NULL)

Backtrace: 0x40083729:0x3ffc8be0 0x40092509:0x3ffc8c00 0x40098005:0x3ffc8c20 0x40097c77:0x3ffc8d50 0x40083ac9:0x3ffc8d70 0x40098035:0x3ffc8d90 0x400d3615:0x3ffc8db0 0x400d3fae:0x3ffc8dd0 0x400d3779:0x3ffc8df0 0x400d5e3c:0x3ffc8e10 0x400d4f79:0x3ffc8e30 0x400d462b:0x3ffc8e50 0x400d2a37:0x3ffc8e70 0x400eb8b1:0x3ffc8ed0

  #0  0x40083729:0x3ffc8be0 in panic_abort at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/esp_system/panic.c:408
  #1  0x40092509:0x3ffc8c00 in esp_system_abort at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/esp_system/esp_system.c:137
  #2  0x40098005:0x3ffc8c20 in __assert_func at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/newlib/assert.c:85 
  #3  0x40097c77:0x3ffc8d50 in multi_heap_free at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/heap/multi_heap_poisoning.c:253
      (inlined by) multi_heap_free at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/heap/multi_heap_poisoning.c:245
  #4  0x40083ac9:0x3ffc8d70 in heap_caps_free at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/heap/heap_caps.c:361
  #5  0x40098035:0x3ffc8d90 in free at /Users/ficeto/Desktop/ESP32/ESP32S2/esp-idf-public/components/newlib/heap.c:39
  #6  0x400d3615:0x3ffc8db0 in NimBLEAttValue::~NimBLEAttValue() at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLEAttValue.cpp:45
  #7  0x400d3fae:0x3ffc8dd0 in NimBLEDescriptor::~NimBLEDescriptor() at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLEDescriptor.cpp:98
  #8  0x400d3779:0x3ffc8df0 in NimBLECharacteristic::~NimBLECharacteristic() at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLECharacteristic.cpp:64 (discriminator 1)
  #9  0x400d5e3c:0x3ffc8e10 in NimBLEService::~NimBLEService() at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLEService.cpp:69 (discriminator 1)
  #10 0x400d4f79:0x3ffc8e30 in NimBLEServer::~NimBLEServer() at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLEServer.cpp:65 (discriminator 1)
  #11 0x400d462b:0x3ffc8e50 in NimBLEDevice::deinit(bool) at .pio/libdeps/esp32dev/NimBLE-Arduino/src/NimBLEDevice.cpp:948 (discriminator 1)
  #12 0x400d2a37:0x3ffc8e70 in loop() at src/main.cpp:65 (discriminator 10)
  #13 0x400eb8b1:0x3ffc8ed0 in loopTask(void*) at C:/Users/<user>/.platformio/packages/framework-arduinoespressif32/cores/esp32/main.cpp:50

Here's the sample code:

void loop()
{
    // log("free heap - loop: " + String(ESP.getFreeHeap()));

    // init / deinit - memory usage test
    delay(2000);
    NimBLEDevice::init("BLE_ESP32_1");

    pServer = NimBLEDevice::createServer();
    pServer->setCallbacks(new BleServerCallbacks(), true);

    // create BLE service
    pService = pServer->createService(NimBLEUUID(SERVICE_UUID));

    // create BLE characteristics
    pSetting1Characteristic = pService->createCharacteristic(
        SETTING1_UUID, NIMBLE_PROPERTY::READ | NIMBLE_PROPERTY::WRITE, 50);

    pSetting1Characteristic->setValue<String>(settingOne.c_str());

    // add descriptors to rest of characteristics
    pDescriptorSettingOne = pSetting1Characteristic->createDescriptor("2901",NIMBLE_PROPERTY::READ, 50);
    pDescriptorSettingOne->setValue("Setting One");
    pSetting1Characteristic->addDescriptor(pDescriptorSettingOne);

    log("free heap - BLE init: " + String(ESP.getFreeHeap()));
    delay(2000);

    NimBLEDevice::deinit(true);
    delay(500);
    log("free heap - BLE deinit: " + String(ESP.getFreeHeap()));
}

h2zero / NimBLE-Arduino

NimBLE::deinit crash when a characteristic have a descriptor #714