fix(ble_ota): fix reading of NimBLE's mbufs (AEGHB-1060)

[Rodrigodd]

Description

When testing the ble_ota example, using version 1.2.0 of the Android test app, I could not get the OTA to work, it was failing on "Unable to decipher GCM key". Putting a couple of ESP_LOG_BUFFER_HEX in the code, I found out that chunks of the file were being skipped.

The problem was how the Nimble's mbufs were being read in the code path of the pre-encoded OTA. It seems only the first two buffers of the mbuf linked list were being manually read. I fixed that by replacing the manual code with provided APIs like os_mbuf_copydata and os_mbuf_len. I applied the same fix to the non-pre-encoded OTA code path, although I believe it was not broken like the pre-encoded OTA; however, I did not confirm this.

After fixing the problem, I had to increase the stack size of the NimBLE task.

Related

Testing

I am not sure if this bug always happens or specific conditions are necessary. I tested it using the following sdkconfig.defaults (got from idf.py save-defconfig) with a custom board with a ESP32-C3, with version 1.2.0 and 1.1.0 of the test APP on Android 13, sending the build/ble_ota_secure.bin file from the same build as the flashed code.

# This file was generated using idf.py save-defconfig. It can be edited manually.
# Espressif IoT Development Framework (ESP-IDF) 5.2.3 Project Minimal Configuration
#
CONFIG_IDF_TARGET="esp32c6"
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_EXAMPLE_USE_PRE_ENC_OTA=y
CONFIG_BT_ENABLED=y
CONFIG_BT_NIMBLE_ENABLED=y
CONFIG_BT_NIMBLE_HOST_TASK_STACK_SIZE=6144
CONFIG_ESP_HTTPS_OTA_DECRYPT_CB=y
CONFIG_PRE_ENC_OTA=y

---

Checklist

Before submitting a Pull Request, please ensure the following:

• 🚨 This PR does not introduce breaking changes.
• All CI checks (GH Actions) pass.
• Documentation is updated as needed.
• Tests are updated or added as necessary.
• Code is well-commented, especially in complex areas.
• Git history is clean — commits are squashed to the minimum necessary.

[github-actions]

	Messages
📖	🎉 Good Job! All checks are passing!

👋 Hello Rodrigodd, we appreciate your contribution to this project!

---

Click to see more instructions ...

This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...

We do welcome contributions in the form of bug reports, feature requests and pull requests.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
4. If the change is approved and passes the tests it is merged into the default branch.

Generated by 🚫 dangerJS against bc1e6f9

[leeebo]

Hi @Rodrigodd Thank you for your contribution! We will review the code as soon as possible.

[fnadeau]

Thanks for the patch. I had the exact same issue and this fixed it. Tested on esp32 and esp32-h2.