[bluetooth_proxy] Fix service discovery cache pollution and descriptor count parameter bug (#9902)

2025-07-28 22:26:36 +00:00 · 2025-07-27 18:50:17 -10:00 · 2025-07-27 18:50:17 -10:00 · 4933ef780b
commit 4933ef780b
parent 1702356fc8
1 changed files with 27 additions and 25 deletions
--- a/esphome/components/bluetooth_proxy/bluetooth_connection.cpp
+++ b/esphome/components/bluetooth_proxy/bluetooth_connection.cpp
@ -80,15 +80,10 @@ void BluetoothConnection::send_service_for_discovery_() {
                                                               &service_result, &service_count, this->send_service_);
  this->send_service_++;

-  if (service_status != ESP_GATT_OK) {
-    ESP_LOGE(TAG, "[%d] [%s] esp_ble_gattc_get_service error at offset=%d, status=%d", this->connection_index_,
-             this->address_str().c_str(), this->send_service_ - 1, service_status);
-    return;
-  }
-
-  if (service_count == 0) {
-    ESP_LOGE(TAG, "[%d] [%s] esp_ble_gattc_get_service missing, service_count=%d", this->connection_index_,
-             this->address_str().c_str(), service_count);
+  if (service_status != ESP_GATT_OK || service_count == 0) {
+    ESP_LOGE(TAG, "[%d] [%s] esp_ble_gattc_get_service %s, status=%d, service_count=%d, offset=%d",
+             this->connection_index_, this->address_str().c_str(), service_status != ESP_GATT_OK ? "error" : "missing",
+             service_status, service_count, this->send_service_ - 1);
    return;
  }

@ -104,15 +99,20 @@ void BluetoothConnection::send_service_for_discovery_() {
      esp_ble_gattc_get_attr_count(this->gattc_if_, this->conn_id_, ESP_GATT_DB_CHARACTERISTIC,
                                   service_result.start_handle, service_result.end_handle, 0, &total_char_count);

-  if (char_count_status == ESP_GATT_OK && total_char_count > 0) {
-    // Only reserve if we successfully got a count
-    service_resp.characteristics.reserve(total_char_count);
-  } else if (char_count_status != ESP_GATT_OK) {
+  if (char_count_status != ESP_GATT_OK) {
    ESP_LOGW(TAG, "[%d] [%s] Error getting characteristic count, status=%d", this->connection_index_,
             this->address_str().c_str(), char_count_status);
+    return;
  }

-  // Now process characteristics
+  if (total_char_count == 0) {
+    // No characteristics, just send the service response
+    api_conn->send_message(resp, api::BluetoothGATTGetServicesResponse::MESSAGE_TYPE);
+    return;
+  }
+
+  // Reserve space and process characteristics
+  service_resp.characteristics.reserve(total_char_count);
  uint16_t char_offset = 0;
  esp_gattc_char_elem_t char_result;
  while (true) {  // characteristics
@ -126,7 +126,7 @@ void BluetoothConnection::send_service_for_discovery_() {
    if (char_status != ESP_GATT_OK) {
      ESP_LOGE(TAG, "[%d] [%s] esp_ble_gattc_get_all_char error, status=%d", this->connection_index_,
               this->address_str().c_str(), char_status);
-      break;
+      return;
    }
    if (char_count == 0) {
      break;
@ -141,19 +141,21 @@ void BluetoothConnection::send_service_for_discovery_() {

    // Get the number of descriptors directly with one call
    uint16_t total_desc_count = 0;
-    esp_gatt_status_t desc_count_status =
-        esp_ble_gattc_get_attr_count(this->gattc_if_, this->conn_id_, ESP_GATT_DB_DESCRIPTOR, char_result.char_handle,
-                                     service_result.end_handle, 0, &total_desc_count);
+    esp_gatt_status_t desc_count_status = esp_ble_gattc_get_attr_count(
+        this->gattc_if_, this->conn_id_, ESP_GATT_DB_DESCRIPTOR, 0, 0, char_result.char_handle, &total_desc_count);

-    if (desc_count_status == ESP_GATT_OK && total_desc_count > 0) {
-      // Only reserve if we successfully got a count
-      characteristic_resp.descriptors.reserve(total_desc_count);
-    } else if (desc_count_status != ESP_GATT_OK) {
+    if (desc_count_status != ESP_GATT_OK) {
      ESP_LOGW(TAG, "[%d] [%s] Error getting descriptor count for char handle %d, status=%d", this->connection_index_,
               this->address_str().c_str(), char_result.char_handle, desc_count_status);
+      return;
+    }
+    if (total_desc_count == 0) {
+      // No descriptors, continue to next characteristic
+      continue;
    }

-    // Now process descriptors
+    // Reserve space and process descriptors
+    characteristic_resp.descriptors.reserve(total_desc_count);
    uint16_t desc_offset = 0;
    esp_gattc_descr_elem_t desc_result;
    while (true) {  // descriptors
@ -166,10 +168,10 @@ void BluetoothConnection::send_service_for_discovery_() {
      if (desc_status != ESP_GATT_OK) {
        ESP_LOGE(TAG, "[%d] [%s] esp_ble_gattc_get_all_descr error, status=%d", this->connection_index_,
                 this->address_str().c_str(), desc_status);
-        break;
+        return;
      }
      if (desc_count == 0) {
-        break;
+        break;  // No more descriptors
      }

      characteristic_resp.descriptors.emplace_back();