[Bug report] nRF SDK GPIOTE bug

Question

Bug in the SDK function below. channel_free is called whether or not pin_in_use_by_te() is true or not. For us this resulted in channel_free() getting called with an invalid channel_port of FF which resulted in an out of bounds dereference and memory corruption. I would suggest only calling channel_free() if pin_in_use_by_te() is true. 
 We found this in v13.0.0, but it looks like it's still in the latest version. 
 I'm aware that we probably shouldn't be calling uninit on a function that hasn't had init called first, but regardless I think the protection would be wise. 
 void nrfx_gpiote_in_uninit(nrfx_gpiote_pin_t pin) { NRFX_ASSERT(nrf_gpio_pin_present_check(pin)); NRFX_ASSERT(pin_in_use_by_gpiote(pin)); nrfx_gpiote_in_event_disable(pin); if ( pin_in_use_by_te (pin)) { nrf_gpiote_te_default((uint32_t)channel_port_get(pin)); } if (pin_configured_check(pin)) { nrf_gpio_cfg_default(pin); pin_configured_clear(pin); } channel_free ((uint8_t)channel_port_get(pin)); pin_in_use_clear(pin); }

Stian Røed Hafskjold · Accepted Answer

A fix has now been added to nrfx based on your feedback. It's part of the 2.5.0 release: https://github.com/NordicSemiconductor/nrfx/blob/v2.5.0/drivers/src/nrfx_gpiote.c#L822 
 It will also be added to the next SDK release.