Retain the underlying CBPeripheral in MTRCommissionableBrowserResult

This avoids a dangling pointer if the BleConnectionDelegateImpl drops the
peripheral from the cache while a client still holds the browser result.

Also document what BLE_CONNECTION_OBJECT is on Darwin.

Author: ksperling-apple

src/darwin/Framework/CHIP/MTRCommissionableBrowser.mm

@@ -39,6 +39,8 @@
 
 using namespace chip::Tracing::DarwinFramework;
 
+@class CBPeripheral;
+
 @implementation MTRCommissionableBrowserResultInterfaces
 @end
 
@@ -48,6 +50,7 @@ @interface MTRCommissionableBrowserResult ()
 @property (nonatomic) NSNumber * productID;
 @property (nonatomic) NSNumber * discriminator;
 @property (nonatomic) BOOL commissioningMode;
+@property (nonatomic, strong, nullable) CBPeripheral * peripheral;
 @end
 
 @implementation MTRCommissionableBrowserResult
@@ -302,6 +305,7 @@ void OnBleScanAdd(BLE_CONNECTION_OBJECT connObj, const ChipBLEDeviceIdentificati
         result.discriminator = @(info.GetDeviceDiscriminator());
         result.commissioningMode = YES;
         result.params = chip::MakeOptional(chip::Controller::SetUpCodePairerParameters(connObj, false /* connected */));
+        result.peripheral = (__bridge CBPeripheral *) connObj; // avoid params holding a dangling pointer
 
         MATTER_LOG_METRIC(kMetricBLEDevicesAdded, ++mBLEDevicesAdded);
 

src/darwin/Framework/CHIPTests/MTRBleTests.m

@@ -117,8 +117,6 @@ - (void)testBleCommissionableBrowserResultAdditionAndRemoval
 
 - (void)testBleCommissionAfterStopBrowseUAF
 {
-    XCTSkip(@"Skip reproducer for known UAF crash");
-
     __block MTRCommissionableBrowserResult * device;
     XCTestExpectation * didFindDevice = [self expectationWithDescription:@"did find device"];
     TestBrowserDelegate * delegate = [[TestBrowserDelegate alloc] init];

src/platform/Darwin/BlePlatformConfig.h

@@ -26,6 +26,10 @@
 
 // ==================== Platform Adaptations ====================
 
+#define BLE_CONNECTION_OBJECT void * // actually __unsafe_unretained CBPeripheral *
+#define BLE_CONNECTION_UNINITIALIZED nullptr
+#define BLE_USES_DEVICE_EVENTS 0
+
 // ========== Platform-specific Configuration Overrides =========
 
 /* none so far */