3 Replies Latest reply on Apr 25, 2016 6:32 PM by gdepaula

    BLE Scan Response API call problem?

      Hi all,

      We added scan response to our project (BCM20736S and SDK 2.2.2) and are having problems.  It have a memory leak issue that eventually leads to a code freeze and our Watchdog resets us.  If I remove the scan response code then the problem goes away:

       

       

      #define      DATA_LENGTH_NVRAM                4

       

      #define      APP_VERSION_MAJOR       1           // Maximum is 99

      #define      APP_VERSION_MINOR       7           // Maximum is 255

       

      // Scan response field

      BLE_ADV_FIELD scr[3];

       

      UINT8   data_info = 100;

       

      void update_scanrspdata(void)

      {

        UINT8 id_array[6*DATA_LENGTH_NVRAM];          // 24 bytes

        UINT8 data_count;

       

        scr[0].len     = 1 + 1;

        scr[0].val     = ADV_FLAGS;

        scr[0].data[0] = LE_GENERAL_DISCOVERABLE | BR_EDR_NOT_SUPPORTED;

       

        scr[1].len     = 2 + 1;

        scr[1].val     = ADV_MANUFACTURER_DATA;

        scr[1].data[0] = APP_VERSION_MAJOR;

        scr[1].data[1] = APP_VERSION_MINOR;

       

        bleprofile_ReadNVRAM(NVRAM_DATA_COUNT, 1, &data_count);

        bleprofile_ReadNVRAM(NVRAM_DATA, (6*DATA_LENGTH_NVRAM), id_array);

       

      // Byte count: 1 data info + 1 data count + 24 (6 Numbers)

        scr[2].len     = 2 + 6*DATA_LENGTH_NVRAM + 1;

        scr[2].val     = ADV_SERVICE_DATA;

        scr[2].data[0] = data_info;

        scr[2].data[1] = data_count;

        BT_MEMCPY(&scr[2].data[2], id_array, (6*DATA_LENGTH_NVRAM));

       

      // Update scan response

        blecm_setScanRspData((UINT8*)scr, (scr[0].len + scr[1].len + scr[2].len + 1));

      }

       

       

      We think the problem could be with the second parameter of "blecm_setScanRspData(x, y)" function.  What is the count that we have to pass there?

       

      Or maybe the stack can't handle the 24 bytes of the id_array?

       

      Any ideas?

       

      Thanks!

       

      Cheers,

      Gil

        • 1. Re: BLE Scan Response API call problem?
          JacobT_81

          Hi gdepaula

           

          After digging through the source, this length parameter wants the number of bytes of your src array so that it can perform a memcpy on it.

           

          It looks like 3 src elements will take up exactly 93 bytes regardless of what you put in there.

           

          Let me know if hard coding this value makes your bug go away. Otherwise I'll continue looking into this.

           

          Lastly, from what I'm seeing, the 24 byte id_array is within the allowable bounds.

           

          Jacob 

          1 of 1 people found this helpful
          • 2. Re: BLE Scan Response API call problem?

            I will try that, but the 3 elements really only take (1 + 1 + 2 + 1 + 2 + 6*4 + 1 +1) =   33 bytes

             

            93 bytes is 31 + 31 + 31 which is 2 full scan response packets, but that's not what we are doing.

             

            Please look further into it.  Thanks.

             

            Try using what I'm doing and checking if that causes a memory leak, as the system may be writing outside its allocated memory.

             

            Thanks.

            • 3. Re: BLE Scan Response API call problem?

              I just realized what the problem is:

               

              1. The size of each scr[] item is 1 byte for "len", 1 byte for "val" and N bytes for "data" (where N is the size of "data".

               

              2. scr[0] is 1 + 1 + 1 = 3, scr[1] is 1 + 1 + 2 = 4, and scr[2] is 1 + 1 + 2 + 24 = 28.  This totals up to 3 + 4 + 28 = 35 bytes.

               

              3. The maximum must be 31.  (Our advertisement packet also is 31, totaling 62, which is BLE's maximum).

               

              I need to decrease scr[n] data bytes by 4, to stay within a total of 31.

              1 of 1 people found this helpful