fix unsound access in EvtBox

embassy-stm32-wpan/Cargo.toml

@@ -24,7 +24,7 @@ heapless = "0.7.16"
 
 bit_field = "0.10.2"
 stm32-device-signature = { version = "0.3.3", features = ["stm32wb5x"] }
-bluetooth-hci-async = { version = "*", git = "https://github.com/OueslatiGhaith/bluetooth-hci", optional = true }
+bluetooth-hci-async = { version = "*", git = "https://github.com/OueslatiGhaith/bluetooth-hci", features = ["version-5-0"], optional = true }
 
 [features]
 defmt = ["dep:defmt", "embassy-sync/defmt", "embassy-embedded-hal/defmt", "embassy-hal-common/defmt"]

embassy-stm32-wpan/src/ble.rs

@@ -70,9 +70,10 @@ impl hci::Controller for Ble {
         self.tl_write(opcode.0, payload).await;
     }
 
-    async fn controller_read(&self) -> &[u8] {
+    async fn controller_read_into(&self, buf: &mut [u8]) {
         let evt_box = self.tl_read().await;
+        let evt_serial = evt_box.serial();
 
-        evt_box.serial()
+        buf[..evt_serial.len()].copy_from_slice(evt_serial);
     }
 }

embassy-stm32-wpan/src/evt.rs

@@ -106,14 +106,6 @@ impl EvtBox {
         Self { ptr }
     }
 
-    pub fn evt<'a>(&self) -> &'a [u8] {
-        unsafe {
-            let evt_packet = &(*self.ptr);
-
-            core::slice::from_raw_parts(evt_packet as *const _ as *const u8, core::mem::size_of::<EvtPacket>())
-        }
-    }
-
     /// Returns information about the event
     pub fn stub(&self) -> EvtStub {
         unsafe {
@@ -137,7 +129,7 @@ impl EvtBox {
     /// writes an underlying [`EvtPacket`] into the provided buffer.
     /// Returns the number of bytes that were written.
     /// Returns an error if event kind is unknown or if provided buffer size is not enough.
-    pub fn serial<'a>(&self) -> &'a [u8] {
+    pub fn serial<'a>(&'a self) -> &'a [u8] {
         unsafe {
             let evt_serial: *const EvtSerial = &(*self.ptr).evt_serial;
             let evt_serial_buf: *const u8 = evt_serial.cast();