Bluetooth: TBS: Fix NULL pointer issue in v3.7

samples/bluetooth/tmap_peripheral/src/ccp_call_ctrl.c

@@ -7,6 +7,7 @@
  *
  *  SPDX-License-Identifier: Apache-2.0
  */
+#include <errno.h>
 
 #include <zephyr/kernel.h>
 #include <zephyr/sys/printk.h>
@@ -139,6 +140,11 @@ int ccp_originate_call(void)
 	int err;
 	char uri[CONFIG_BT_TBS_MAX_URI_LENGTH];
 
+	if (strlen(remote_uri) == 0U) {
+		printk("Remote does not support any URI schemes, cannot place call\n");
+		return -ENOENT;
+	}
+
 	strcpy(uri, remote_uri);
 	strcat(uri, URI_SEPARATOR);
 	strcat(uri, CALLER_ID);

samples/bluetooth/tmap_peripheral/src/main.c

@@ -289,9 +289,10 @@ int main(void)
 		err = ccp_originate_call();
 		if (err != 0) {
 			printk("Error sending call originate command!\n");
+		} else {
+			/* Start timer to send terminate call command */
+			k_work_schedule(&call_terminate_set_work, K_MSEC(2000));
 		}
-		/* Start timer to send terminate call command */
-		k_work_schedule(&call_terminate_set_work, K_MSEC(2000));
 	}
 
 	if (peer_is_ums) {

subsys/bluetooth/audio/tbs_client.c

@@ -744,6 +744,7 @@ static uint8_t handle_string_long_read(struct bt_conn *conn, uint8_t err,
 	uint16_t offset = params->single.offset;
 	uint8_t inst_index = tbs_index(conn, inst);
 	const char *received_string;
+	uint16_t str_length;
 	int tbs_err = err;
 
 	if ((tbs_err == 0) && (data != NULL) &&
@@ -779,44 +780,38 @@ static uint8_t handle_string_long_read(struct bt_conn *conn, uint8_t err,
 		return BT_GATT_ITER_CONTINUE;
 	}
 
-	if (inst->net_buf.len == 0) {
-		received_string = NULL;
-	} else {
-		uint16_t str_length = inst->net_buf.len;
+	str_length = inst->net_buf.len;
 
-		/* Ensure there is space for string termination */
-		if (net_buf_simple_tailroom(&inst->net_buf) < 1) {
-			LOG_DBG("Truncating string");
-			if (truncatable) {
-				/* Truncate */
-				str_length--;
-			} else {
-				tbs_err = BT_ATT_ERR_INSUFFICIENT_RESOURCES;
-			}
+	/* Ensure there is space for string termination */
+	if (net_buf_simple_tailroom(&inst->net_buf) < 1) {
+		LOG_DBG("Truncating string");
+		if (truncatable) {
+			/* Truncate */
+			str_length--;
+		} else {
+			tbs_err = BT_ATT_ERR_INSUFFICIENT_RESOURCES;
 		}
+	}
 
-		if (tbs_err == 0) {
-			char *str_data;
+	if (tbs_err == 0) {
+		char *str_data;
 
-			/* Get a reference to the string buffer */
-			str_data = net_buf_simple_pull_mem(&inst->net_buf,
-							   inst->net_buf.len);
+		/* Get a reference to the string buffer */
+		str_data = net_buf_simple_pull_mem(&inst->net_buf, inst->net_buf.len);
 
-			/* All strings are UTF-8, truncate properly if needed */
-			str_data[str_length] = '\0';
-			received_string = utf8_trunc(str_data);
+		/* All strings are UTF-8, truncate properly if needed */
+		str_data[str_length] = '\0';
+		received_string = utf8_trunc(str_data);
 
-			/* The string might have been truncated */
-			if (strlen(received_string) < str_length) {
-				LOG_DBG("Truncating string");
-				if (!truncatable) {
-					tbs_err =
-					      BT_ATT_ERR_INSUFFICIENT_RESOURCES;
-				}
+		/* The string might have been truncated */
+		if (strlen(received_string) < str_length) {
+			LOG_DBG("Truncating string");
+			if (!truncatable) {
+				tbs_err = BT_ATT_ERR_INSUFFICIENT_RESOURCES;
 			}
-
-			LOG_DBG("%s", received_string);
 		}
+
+		LOG_DBG("%s", received_string);
 	}
 
 	if (tbs_err) {
@@ -950,7 +945,7 @@ static uint8_t read_uri_list_cb(struct bt_conn *conn, uint8_t err,
 {
 	bt_tbs_client_read_string_cb cb = NULL;
 
-	LOG_DBG("Read bearer UCI");
+	LOG_DBG("Read bearer URI list");
 
 	if (tbs_client_cbs != NULL && tbs_client_cbs->uri_list != NULL) {
 		cb = tbs_client_cbs->uri_list;