Aborting an OTA update

Postby aschweiz » Thu Feb 02, 2017 3:00 pm


correct me if I'm wrong, but it seems there's no way to abort a running over-the-air update, for example if a write fails:

- just calling esp_ota_begin again will leak memory and crash the application after a few re-tries
- calling esp_ota_end doesn't release the memory if the secure bootloader is in use

IMO, esp_ota_end should either release the memory and return an error, or there should be another function like esp_ota_abort to cancel an ongoing OTA update.

@Espressif, could you please have a look at this?

Thanks and greetings

Code from esp_ota_end:

Code: Select all

esp_err_t esp_ota_end(esp_ota_handle_t handle)
    ota_ops_entry_t *it;
    for (it = LIST_FIRST(&s_ota_ops_entries_head); it != NULL; it = LIST_NEXT(it, entries)) {
        if (it->handle == handle) {
            // an ota handle need to be ended after erased and wrote data in it
            if ((it->erased_size == 0) || (it->wrote_size == 0)) {
                return ESP_ERR_INVALID_ARG;

            esp_err_t ret;
            size_t image_size;
            if (esp_image_basic_verify(it->part.address, &image_size) != ESP_OK) {
                return ESP_ERR_OTA_VALIDATE_FAILED;
            ret = esp_secure_boot_verify_signature(it->part.address, image_size);
            if (ret != ESP_OK) {
                return ESP_ERR_OTA_VALIDATE_FAILED;

            LIST_REMOVE(it, entries);

    if (it == NULL) {
        return ESP_ERR_NOT_FOUND;

    return ESP_OK;

Re: Aborting an OTA update

Postby ESP_Angus » Thu Feb 02, 2017 10:43 pm

Hi Andreas,

Thanks for reporting this. The memory leak on esp_ota_end is indeed a bug, we'll look into it.


