From e13b6119f003b09afbaacc6b592aaa68241b6490 Mon Sep 17 00:00:00 2001 From: Lyle Zhu Date: Fri, 15 Aug 2025 21:50:57 +0800 Subject: [PATCH] Bluetooth: SDP: Fix issue that RX buf is used for others discovery In current implementation, the received buffer is incorrectly used for other SDP discover requests. Release the RX buffer when the SDP discovery is done. And allocate the new RX buffer from the pool of the new SDP discovery request. Signed-off-by: Lyle Zhu --- subsys/bluetooth/host/classic/sdp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/subsys/bluetooth/host/classic/sdp.c b/subsys/bluetooth/host/classic/sdp.c index f031144c2d2bd..ed41dad5eb1d2 100644 --- a/subsys/bluetooth/host/classic/sdp.c +++ b/subsys/bluetooth/host/classic/sdp.c @@ -1705,6 +1705,10 @@ static void sdp_client_params_iterator(struct bt_sdp_client *session) sys_slist_remove(&session->reqs, NULL, ¶m->_node); /* Invalidate cached param in context */ session->param = NULL; + if (session->rec_buf != NULL) { + net_buf_unref(session->rec_buf); + session->rec_buf = NULL; + } /* Reset continuation state in current context */ (void)memset(&session->cstate, 0, sizeof(session->cstate)); /* Clear total length */ @@ -1912,7 +1916,11 @@ static int sdp_client_discover(struct bt_sdp_client *session) param = session->param; } - if (!param) { + if (param != NULL && session->rec_buf == NULL) { + session->rec_buf = net_buf_alloc(param->pool, K_FOREVER); + } + + if (param == NULL || session->rec_buf == NULL) { struct bt_l2cap_chan *chan = &session->chan.chan; session->state = SDP_CLIENT_DISCONNECTING;