I am trying to read extended inquiry information so that I can get device name and such without having to go and manually fetch. Based on the Tiva C classic SPP demo, I have modified the code as such:
on startup:
GAP_Set_Inquiry_Mode(BluetoothStackID, imExtended);
in GAP event callback:
    case etExtended_Inquiry_Entry_Result:
    {
        GAP_Extended_Inquiry_Entry_Event_Data_t *pData;
        GAP_Extended_Inquiry_Response_Data_t    *pResp;

        Display(("\n<%s>\n", EventNames[GAP_Event_Data->Event_Data_Type]));

        pData = GAP_Event_Data->Event_Data.GAP_Extended_Inquiry_Entry_Event_Data;
        pResp = &(pData->Extended_Inquiry_Response_Data);

        /* Next convert the BD_ADDR to a string. */
        BD_ADDRToStr(pData->BD_ADDR, Callback_BoardStr);
        ClassToStr(pData->Class_of_Device, Callback_ClassStr);

        Display(("\t%s - class %s - %d entries\r\n", Callback_BoardStr, Callback_ClassStr, pResp->Number_Data_Entries));

        /* Walk the parsed entries and print each one. */
        ShowExtendedInquiryData(pResp);

        Display(("\n</%s>\n", EventNames[GAP_Event_Data->Event_Data_Type]));
        break;
    }
(ShowExtendedInquiryData is a function I made which steps through a GAP_Extended_Inquiry_Response_Data_t * and prints all the entries out)
When I start the inquiry, on one of the results I'll see "Invalid size" (which is not something that I print, so it must be internal to the stack), followed by an extended inquiry entry result showing "0 entries". I can see the extended inquiry result from every other device, which works fine, but I wanted to see why it couldn't process the other one.
I saw in the documentation that I could use the HCI event callback to get extended inquiry results, so I added this to that callback to try:
    case etExtended_Inquiry_Result_Event:
    {
        HCI_Extended_Inquiry_Result_Event_Data_t *pData;
        GAP_Extended_Inquiry_Response_Data_t      pParsed;
        int                                       x;
        GAP_Extended_Inquiry_Response_Data_Entry_t Data_Entries[10];

        Display(("\n<%s>\n", EventNames[HCI_Event_Data->Event_Data_Type]));

        pData = HCI_Event_Data->Event_Data.HCI_Extended_Inquiry_Result_Event_Data;

        /* First pass with a NULL output structure: ask how many entries are needed. */
        x = GAP_Parse_Extended_Inquiry_Response_Data(&pData->HCI_Inquiry_Result_Data.Extended_Inquiry_Response, NULL);
        Display(("\tNeed %d entries for extended inquiry response parsing\n", x));

        /* Second pass: parse into a local array of up to 10 entries. */
        pParsed.Number_Data_Entries = 10;
        pParsed.Data_Entries        = Data_Entries;
        x = GAP_Parse_Extended_Inquiry_Response_Data(&pData->HCI_Inquiry_Result_Data.Extended_Inquiry_Response, &pParsed);

        if (x > 0)
        {
            Display(("\tProcessed %d entries from HCI extended inquiry event:\n", x));
            ShowExtendedInquiryData(&pParsed);
        }
        else
        {
            Display(("\tGAP Parse Extended Inquiry Response Data result: %d / 0x%02x\n", x, x));
        }

        Display(("\n</%s>\n", EventNames[HCI_Event_Data->Event_Data_Type]));
        break;
    }
Handling the HCI event reveals little else about what's going on, and also causes an "Invalid size" error to be printed out when I perform the GAP Parse Extended Inquiry Response Data. It works fine when the GAP event callback works fine, so I'll see 2 copies of each correctly parsed inquiry result and nothing of the one with the error.
When breakpointed during etExtended_Inquiry_Result_Event, I can see characters of the phone's friendly name in place of where BD_ADDR, Page_Scan_Repetition_Mode, Class of Device, etc. should be, so it looks like the memory preceding the Extended_Inquiry_Response_Data has been overwritten. I see that Extended_Inquiry_Response_Data is a char[240], but I'm not quite sure where I'd be able to make that bigger to fit what I can only assume to be a larger extended inquiry response. I do not believe I am passing it any particular address into which to fill the incoming extended inquiry response itself (only the processed data entries which are pointers), so the stack must be filling a buffer of its own.
Here is a log printout of what happens during an inquiry. An iPhone 5s and two Sena SMH10 headsets are set to visible during the scan.
    Client> inquiry
    Client> <GAP Extended Inquiry Entry Result>
        0x0001950ea9bf - class 0x240404 - 3 entries
        Shortened Name: Sena SMH10
        TX power level: 16
        Service Class UUIDs (16 bit): 0x111e 0x1108 0x110d 0x110b
    </GAP Extended Inquiry Entry Result>
    Client> <HCI Extended Inquiry Result Event>
        Need 3 entries for extended inquiry response parsing
        Processed 3 entries from HCI extended inquiry event:
        Shortened Name: Sena SMH10
        TX power level: 16
        Service Class UUIDs (16 bit): 0x111e 0x1108 0x110d 0x110b
    </HCI Extended Inquiry Result Event>
    Invalid size
    <GAP Extended Inquiry Entry Result>
        0xb8e856e798ea - class 0x7a020c - 0 entries
    </GAP Extended Inquiry Entry Result>
    Client> <HCI Extended Inquiry Result Event>
        Need 5 entries for extended inquiry response parsing
        Invalid size
        GAP Parse Extended Inquiry Response Data result: 0 / 0x00
    </HCI Extended Inquiry Result Event>
    <GAP Extended Inquiry Entry Result>
        0x0001950f6d84 - class 0x240404 - 3 entries
        Shortened Name: Sena SMH10
        TX power level: 16
        Service Class UUIDs (16 bit): 0x111e 0x1108 0x110d 0x110b
    </GAP Extended Inquiry Entry Result>
    Client> <HCI Extended Inquiry Result Event>
        Need 3 entries for extended inquiry response parsing
        Processed 3 entries from HCI extended inquiry event:
        Shortened Name: Sena SMH10
        TX power level: 16
        Service Class UUIDs (16 bit): 0x111e 0x1108 0x110d 0x110b
    </HCI Extended Inquiry Result Event>
    <GAP Inquiry Result>
        Result: 1,0x0001950ea9bf - class 0x240404.
        Result: 2,0xb8e856e798ea - class 0x7a020c.
        Result: 3,0x0001950f6d84 - class 0x240404.
    </GAP Inquiry Result>
    Client>
Any ideas on what could be causing an "Invalid size" error, or why the buffer could be overrunning in this manner?
Edit: I was initially encountering a bus fault during or immediately after the inquiry, but I can't get it to reproduce now. I'm assuming it has to do with this buffer overrun.
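As an added example (my own code, not the poster's handler and not part of the Bluetopia stack), here is a stand-alone C parser for the 240-byte extended inquiry response field that shows the check a stack-side parser has to make before it can report an entry count. Each EIR entry is a length byte, a type byte and a payload; a zero length byte ends the significant part, and the rest of the fixed field is padding. An entry whose declared length reaches past the end of the field is rejected before any of its bytes are read, which is the condition an "invalid size" result reports. The function names (eir_parse, eir_get_name, demo_parse) are mine, and both sample byte strings are constructed: the good one is modelled on the Sena SMH10 entries in the log above, the bad one is a deliberately malformed response whose second entry claims 64 bytes when only 3 follow.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EIR data type codes from the Bluetooth Assigned Numbers (GAP section). */
#define EIR_TYPE_UUID16_COMPLETE 0x03
#define EIR_TYPE_NAME_SHORTENED  0x08
#define EIR_TYPE_NAME_COMPLETE   0x09
#define EIR_TYPE_TX_POWER        0x0A
#define EIR_MAX_LEN 240  /* fixed size of the EIR field in an inquiry result */

typedef struct {
    uint8_t        type;    /* EIR data type code */
    uint8_t        length;  /* payload bytes, not counting the type byte */
    const uint8_t *data;    /* points into the caller's EIR buffer */
} eir_entry_t;

/* Walk an EIR block of length/type/payload entries; a length byte of 0 ends
 * the significant part. Returns the number of entries, or -1 if an entry's
 * declared length reaches past eir_len (the "invalid size" case). The bound
 * is checked before the entry is read; entries past max_out are only counted. */
int eir_parse(const uint8_t *eir, size_t eir_len, eir_entry_t *out, int max_out)
{
    size_t pos = 0;
    int count = 0;
    while (pos < eir_len) {
        uint8_t len = eir[pos];                 /* type byte + payload */
        if (len == 0)
            break;
        if (pos + 1 + (size_t)len > eir_len)
            return -1;                          /* would read past the buffer */
        if (count < max_out) {
            out[count].type   = eir[pos + 1];
            out[count].length = (uint8_t)(len - 1);
            out[count].data   = &eir[pos + 2];
        }
        count++;
        pos += 1 + (size_t)len;
    }
    return count;
}

/* Copy the device name (complete preferred over shortened) into buf as a
 * NUL-terminated string, truncated to buflen. Returns 1 if a name was found. */
int eir_get_name(const eir_entry_t *e, int n, char *buf, size_t buflen)
{
    const eir_entry_t *best = NULL;
    for (int i = 0; i < n; i++) {
        if (e[i].type == EIR_TYPE_NAME_COMPLETE) { best = &e[i]; break; }
        if (e[i].type == EIR_TYPE_NAME_SHORTENED && best == NULL) best = &e[i];
    }
    if (best == NULL || buflen == 0)
        return 0;
    size_t n_copy = best->length < buflen - 1 ? best->length : buflen - 1;
    memcpy(buf, best->data, n_copy);
    buf[n_copy] = '\0';
    return 1;
}

/* Constructed sample modelled on the Sena SMH10 entries in the log above:
 * shortened name, TX power 16, UUID16 list 0x111e 0x1108 0x110d 0x110b
 * (UUIDs are little-endian on the wire). */
static const uint8_t sample_good[] = {
    0x0B, EIR_TYPE_NAME_SHORTENED, 'S','e','n','a',' ','S','M','H','1','0',
    0x02, EIR_TYPE_TX_POWER, 0x10,
    0x09, EIR_TYPE_UUID16_COMPLETE, 0x1E,0x11, 0x08,0x11, 0x0D,0x11, 0x0B,0x11,
    0x00
};

/* Constructed malformed sample: the second entry claims 64 bytes, 3 follow. */
static const uint8_t sample_bad[] = {
    0x02, EIR_TYPE_TX_POWER, 0x10,
    0x40, EIR_TYPE_NAME_COMPLETE, 'X', 'Y', 'Z'
};

/* Parse a raw sample and, if a name is present, copy it out. Returns the
 * entry count (or -1); pass buf = NULL when only the count is wanted. */
int demo_parse(const uint8_t *src, size_t src_len, char *buf, size_t buflen)
{
    eir_entry_t e[10];
    int n = eir_parse(src, src_len, e, 10);
    if (buf != NULL && buflen > 0 && (n <= 0 || !eir_get_name(e, n, buf, buflen)))
        buf[0] = '\0';
    return n;
}

int main(void)
{
    char name[32];
    int n = demo_parse(sample_good, sizeof sample_good, name, sizeof name);
    printf("good sample: %d entries, name \"%s\"; bad sample: %d\n", n, name,
           demo_parse(sample_bad, sizeof sample_bad, NULL, 0));
    return 0;
}
```

The good sample parses to 3 entries and yields the name "Sena SMH10"; the bad sample returns -1 at the second entry without reading its payload. Two points follow for reading the log: a parser that only reads the field, as this one does, cannot overwrite the BD_ADDR and class fields that precede it, so memory before Extended_Inquiry_Response_Data being clobbered points at whatever copies the response into the event structure rather than at the walk over it; and the walk stops at the first zero length byte, so any bytes the copy leaves past the significant part are never reached.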