From 7c3e6ad7b933d6d9aa7d971b4e8ffca00a53785f Mon Sep 17 00:00:00 2001
From: Mariusz Skamra
Date: Wed, 29 Apr 2026 13:13:54 +0200
Subject: [PATCH 1/3] nimble/host: Fix the iso connection handle type
This fixes the connection handle type, which is two octet value as per Core specification.
---
 nimble/host/src/ble_iso.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nimble/host/src/ble_iso.c b/nimble/host/src/ble_iso.c
index 600e7ed5bf..9ac20760fd 100644
--- a/nimble/host/src/ble_iso.c
+++ b/nimble/host/src/ble_iso.c
@@ -73,7 +73,7 @@ struct ble_iso_big {
 struct ble_iso_conn {
 SLIST_ENTRY(ble_iso_conn) next;
 enum ble_iso_conn_type type;
- uint8_t handle;
+ uint16_t handle;
 struct ble_iso_rx_data_info rx_info;
 struct os_mbuf *rx_buf;
From 5af99a7bf401105abe11a0c526750fd4cc48923f Mon Sep 17 00:00:00 2001
From: Mariusz Skamra
Date: Wed, 29 Apr 2026 13:15:34 +0200
Subject: [PATCH 2/3] nimble/host: Fix uninitialized ISO conn handle
This sets the initial conn handle value to 0xFFFF, which is the value outside of valid range.
---
 nimble/host/src/ble_iso.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nimble/host/src/ble_iso.c b/nimble/host/src/ble_iso.c
index 9ac20760fd..ab5f433935 100644
--- a/nimble/host/src/ble_iso.c
+++ b/nimble/host/src/ble_iso.c
@@ -184,6 +184,7 @@ ble_iso_bis_alloc(struct ble_iso_big *big)
 memset(new_bis, 0, sizeof *new_bis);
 new_bis->conn.type = BLE_ISO_CONN_BIS;
+ new_bis->conn.handle = BLE_HS_CONN_HANDLE_NONE;
 new_bis->big = big;
 ble_iso_conn_append(&new_bis->conn);
From cdb4bfb5b934b334895a91ef0e4f5d72744818f8 Mon Sep 17 00:00:00 2001
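Review bot: Widening `handle` in struct ble_iso_conn removes the truncation only if every consumer of the field is 16-bit as well; the lookup helpers, locals and parameters that copy this value are outside the hunk, so any that still use `uint8_t` should be checked. With the 8-bit field, two connection handles that differed only above bit 7 were stored as the same value, so ISO traffic could be attributed to the wrong connection. A short comment on the field would record the contract, for example `uint16_t handle; /* HCI connection handle, 2 octets, host byte order */`. The struct definition continues past the end of the hunk.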
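Review bot: The sentinel is set only at allocation in ble_iso_bis_alloc; nothing visible in this hunk puts the handle back to `BLE_HS_CONN_HANDLE_NONE` when a BIG is terminated or its creation fails. If a BIS object can outlive its controller handle (not visible here), a stale value would still match later lookups by handle, so the teardown path should reset it as well. The added line also deserves a why-comment, since it follows a memset to zero: `/* 0 is a valid connection handle, so mark the BIS as unassigned explicitly */`. The function body starts and ends outside the hunk.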
From: Mariusz Skamra
Date: Wed, 29 Apr 2026 13:18:38 +0200
Subject: [PATCH 3/3] nimble/host: Refactor ble_iso_big_conn_handles_init
This refactors ble_iso_big_conn_handles_init macro into function. Few asserts have been added to catch the potential issues. The nested loop has been removed.
---
 nimble/host/src/ble_iso.c | 63 ++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 24 deletions(-)
diff --git a/nimble/host/src/ble_iso.c b/nimble/host/src/ble_iso.c
index ab5f433935..c471d4c600 100644
--- a/nimble/host/src/ble_iso.c
+++ b/nimble/host/src/ble_iso.c
@@ -34,28 +34,6 @@
 #define min(a, b) ((a) < (b) ? (a) : (b))
 #endif
-#define ble_iso_big_conn_handles_init(_big, _handles, _num_handles) \
- do { \
- struct ble_iso_conn *conn = SLIST_FIRST(&ble_iso_conns); \
- \
- for (uint8_t i = 0; i < (_num_handles); i++) { \
- while (conn != NULL) { \
- if (conn->type == BLE_ISO_CONN_BIS) { \
- struct ble_iso_bis *bis; \
- \
- bis = CONTAINER_OF(conn, struct ble_iso_bis, conn); \
- if (bis->big == (_big)) { \
- conn->handle = le16toh((_handles)[i]); \
- conn = SLIST_NEXT(conn, next); \
- break; \
- } \
- } \
- \
- conn = SLIST_NEXT(conn, next); \
- } \
- } \
- } while (0);
-
 enum ble_iso_conn_type {
 BLE_ISO_CONN_BIS,
 };
@@ -96,6 +74,43 @@ static struct os_mempool ble_iso_bis_pool;
 static os_membuf_t ble_iso_bis_mem[
 OS_MEMPOOL_SIZE(MYNEWT_VAL(BLE_ISO_MAX_BISES), sizeof (struct ble_iso_bis))];
+static int
+ble_iso_big_conn_handles_set(struct ble_iso_big *big, const uint8_t *handles,
+ uint8_t num_handles)
+{
+ struct ble_iso_conn *conn;
+ uint8_t assigned = 0;
+
+ assert(big != NULL);
+ assert(handles != NULL);
+ assert(num_handles > 0);
+
+ SLIST_FOREACH(conn, &ble_iso_conns, next) {
+ struct ble_iso_bis *bis;
+
+ if (assigned == num_handles) {
+ break;
+ }
+
+ if (conn->type != BLE_ISO_CONN_BIS) {
+ continue;
+ }
+
+ bis = CONTAINER_OF(conn, struct ble_iso_bis, conn);
+ if (bis->big != big) {
+ continue;
+ }
+
+ assert(conn->handle == BLE_HS_CONN_HANDLE_NONE);
+ conn->handle = get_le16(&handles[assigned * sizeof(uint16_t)]);
+ assigned++;
+ }
+
+ assert(assigned == num_handles);
+
+ return 0;
+}
+
 static void
 ble_iso_conn_append(struct ble_iso_conn *conn)
 {
@@ -360,7 +375,7 @@ ble_iso_rx_create_big_complete(const struct ble_hci_ev_le_subev_create_big_compl
 /* XXX: Should we destroy the group? */
 }
- ble_iso_big_conn_handles_init(big, ev->conn_handle, ev->num_bis);
+ ble_iso_big_conn_handles_set(big, (const uint8_t *)ev->conn_handle, ev->num_bis);
 big->max_pdu = ev->max_pdu;
@@ -643,7 +658,7 @@ ble_iso_rx_big_sync_established(const struct ble_hci_ev_le_subev_big_sync_establ
 /* XXX: Should we destroy the group? */
 }
- ble_iso_big_conn_handles_init(big, ev->conn_handle, ev->num_bis);
+ ble_iso_big_conn_handles_set(big, (const uint8_t *)ev->conn_handle, ev->num_bis);
 event.big_sync_established.desc.big_handle = ev->big_handle;
 event.big_sync_established.desc.transport_latency_big =
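Review bot: ble_iso_big_conn_handles_set validates its inputs only with assert(), while `num_handles` and the handle bytes come from controller events at both call sites. Where asserts are compiled in, an event that reports more BISes than the BIG owns, or a second completion event for a BIG whose handles are already set, stops the host at `assert(assigned == num_handles)` or `assert(conn->handle == BLE_HS_CONN_HANDLE_NONE)`; where they are compiled out, the mismatch passes silently and the function still returns 0. Returning an error code for these cases would make the `int` return type meaningful and let the callers reject the event. The function also reads `num_handles * 2` bytes from `handles`, and whether the event length was checked against that is not visible in this patch.

```c
static int
ble_iso_big_conn_handles_set(struct ble_iso_big *big, const uint8_t *handles,
                             uint8_t num_handles)
{
    /* … unchanged: locals … */

    if (big == NULL || handles == NULL || num_handles == 0) {
        return BLE_HS_EINVAL;
    }

    /* … unchanged: SLIST_FOREACH walk, early break and BIS/BIG filters … */

        if (conn->handle != BLE_HS_CONN_HANDLE_NONE) {
            /* Handles were already assigned; do not overwrite them. */
            return BLE_HS_EALREADY;
        }
        /* … unchanged: get_le16() store, assigned++ and end of loop … */

    if (assigned != num_handles) {
        /* The event reported more BISes than this BIG owns. */
        return BLE_HS_EBADDATA;
    }

    return 0;
}
```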
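Review bot: The return value of ble_iso_big_conn_handles_set() is dropped at this call in ble_iso_rx_create_big_complete and at the identical call in ble_iso_rx_big_sync_established (last hunk). In both places the call follows a branch that ends in `/* XXX: Should we destroy the group? */` with no return visible in the context, so it appears to run even after the preceding check failed. Since `ev->num_bis` is passed through from the event as is, the result should be captured, e.g. `rc = ble_iso_big_conn_handles_set(big, (const uint8_t *)ev->conn_handle, ev->num_bis);` (assuming a local `rc` or equivalent), with an early exit when it is non-zero. The `(const uint8_t *)` cast hides the declared type of `ev->conn_handle`, so a one-line comment that the array holds little-endian 16-bit handles would explain the byte-wise get_le16() read. Both enclosing functions start and end outside their hunks.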