From 07dcca4e6f14514a473d972802e0fd055efdd150 Mon Sep 17 00:00:00 2001
From: Luca Burelli <l.burelli@arduino.cc>
Date: Mon, 15 Dec 2025 12:04:22 +0100
Subject: [PATCH 1/2] EncryptedBatteryMonitor: fix memory management bugs

There was a buffer overflow in the EncryptedBatteryMonitor example code
when formatting the 6-digit confirmation code for display during
pairing, since the terminating null character was not accounted for in
the buffer size.

Also, there was a memory leak due to unnecessary dynamic allocation
when setting the initial value of the string characteristic.

Signed-off-by: Luca Burelli <l.burelli@arduino.cc>
---
 .../EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino      | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino b/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
index dfc9f4a0..32421d25 100644
--- a/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
+++ b/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
@@ -59,7 +59,7 @@ void setup() {
   BLE.setDisplayCode([](uint32_t confirmCode){
     Serial.println("New device pairing request.");
     Serial.print("Confirm code matches pairing device: ");
-    char code[6];
+    char code[7];
     sprintf(code, "%06d", confirmCode);
     Serial.println(code);
   });
@@ -176,8 +176,7 @@ void setup() {
 
     BLE.addService(batteryService);               // Add the battery service
     batteryLevelChar.writeValue(oldBatteryLevel); // set initial value for this characteristic
-    char* stringCharValue = new char[32];
-    stringCharValue = "string";
+    const char* stringCharValue = "string";
     stringcharacteristic.writeValue(stringCharValue);
     secretValue.writeValue(0);
 

From 2c0e22860f164b3782d26920904bf980e460095c Mon Sep 17 00:00:00 2001
From: Luca Burelli <l.burelli@arduino.cc>
Date: Mon, 15 Dec 2025 12:08:34 +0100
Subject: [PATCH 2/2] misc: fix compiler warnings

Fix various compiler warnings about unused parameters, signed-unsigned
comparisons and enum/int mismatches.

Signed-off-by: Luca Burelli <l.burelli@arduino.cc>
---
 examples/Peripheral/CallbackLED/CallbackLED.ino      |  4 ++++
 .../EncryptedBatteryMonitor.ino                      | 12 +++++++-----
 src/utility/HCIVirtualTransportZephyr.cpp            |  2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/examples/Peripheral/CallbackLED/CallbackLED.ino b/examples/Peripheral/CallbackLED/CallbackLED.ino
index 59bda5ed..f5840117 100644
--- a/examples/Peripheral/CallbackLED/CallbackLED.ino
+++ b/examples/Peripheral/CallbackLED/CallbackLED.ino
@@ -82,6 +82,10 @@ void blePeripheralDisconnectHandler(BLEDevice central) {
 }
 
 void switchCharacteristicWritten(BLEDevice central, BLECharacteristic characteristic) {
+  // unused parameters
+  (void)central;
+  (void)characteristic;
+
   // central wrote new value to characteristic, update LED
   Serial.print("Characteristic event, written: ");
 
diff --git a/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino b/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
index 32421d25..4cb98763 100644
--- a/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
+++ b/examples/Peripheral/EncryptedBatteryMonitor/EncryptedBatteryMonitor.ino
@@ -18,9 +18,10 @@
 #include <ArduinoBLE.h>
 
 
-#define PAIR_BUTTON 3        // button for pairing
+#define PAIR_BUTTON 3         // button for pairing
 #define PAIR_LED 24           // LED used to signal pairing
 #define PAIR_LED_ON LOW       // Blue LED on Nano BLE has inverted logic
+#define PAIR_LED_OFF HIGH     // ... so these are inverted as well
 #define PAIR_INTERVAL 30000   // interval for pairing after button press in ms
 
 #define CTRL_LED LED_BUILTIN
@@ -65,7 +66,7 @@ void setup() {
   });
 
   // Callback to allow accepting or rejecting pairing
-  BLE.setBinaryConfirmPairing([&acceptOrReject](){
+  BLE.setBinaryConfirmPairing([](){
     Serial.print("Should we confirm pairing? ");
     delay(5000);
     if(acceptOrReject){
@@ -218,9 +219,10 @@ void loop() {
     BLE.setPairable(false);
     Serial.println("No longer accepting pairing");
   }
-  // Make LED blink while pairing is allowed
-  digitalWrite(PAIR_LED, (BLE.pairable() ? (millis()%400)<200 : BLE.paired()) ? PAIR_LED_ON : !PAIR_LED_ON);
 
+  // Make LED blink while pairing is allowed, steady ON when paired
+  bool led_status = BLE.pairable() ? (millis()%400)<200 : BLE.paired();
+  digitalWrite(PAIR_LED, led_status ? PAIR_LED_ON : PAIR_LED_OFF);
 
   // if a central is connected to the peripheral:
   if (central && central.connected()) {
@@ -261,4 +263,4 @@ void updateBatteryLevel() {
     batteryLevelChar.writeValue(batteryLevel);  // and update the battery level characteristic
     oldBatteryLevel = batteryLevel;           // save the level for next comparison
   }
-}
\ No newline at end of file
+}
diff --git a/src/utility/HCIVirtualTransportZephyr.cpp b/src/utility/HCIVirtualTransportZephyr.cpp
index bf278235..51216a17 100644
--- a/src/utility/HCIVirtualTransportZephyr.cpp
+++ b/src/utility/HCIVirtualTransportZephyr.cpp
@@ -91,7 +91,7 @@ static int cyw4343_download_firmware(const struct device *uart) {
   }
 
   // Load the firmware image.
-  for (size_t offset=0; offset < brcm_patch_ram_length;) {
+  for (int offset=0; offset < brcm_patch_ram_length;) {
     uint8_t  length = brcm_patchram_buf[offset + 2];
     uint16_t opcode = (brcm_patchram_buf[offset + 0]) |
                       (brcm_patchram_buf[offset + 1] << 8);