From e26b60090d0452523ca7fb730dd2cebb047c1997 Mon Sep 17 00:00:00 2001
From: zhanghaipeng <zhanghaipeng@espressif.com>
Date: Thu, 27 Nov 2025 18:04:43 +0800
Subject: [PATCH] fix(ble/bluedroid): Use calloc in gatt_server example

---
 examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c b/examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c
index cb5206f0b5..60fc5a94de 100644
--- a/examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c
+++ b/examples/bluetooth/bluedroid/ble/gatt_server/main/gatts_demo.c
@@ -282,7 +282,8 @@ void example_write_event_env(esp_gatt_if_t gatts_if, prepare_type_env_t *prepare
                 }
             }
 
-            esp_gatt_rsp_t *gatt_rsp = (esp_gatt_rsp_t *)malloc(sizeof(esp_gatt_rsp_t));
+            // Security fix: Use calloc to ensure memory is zero-initialized
+            esp_gatt_rsp_t *gatt_rsp = (esp_gatt_rsp_t *)calloc(1, sizeof(esp_gatt_rsp_t));
             if (gatt_rsp) {
                 gatt_rsp->attr_value.len = param->write.len;
                 gatt_rsp->attr_value.handle = param->write.handle;