diff options
| author | Abhay Agarwal <ay.agarwal@samsung.com> | 2020-09-11 15:06:37 +0530 |
|---|---|---|
| committer | Abhay Agarwal <ay.agarwal@samsung.com> | 2020-09-11 15:26:01 +0530 |
| commit | fea68267b586dfeffcff2cb71ac53bb0941bc1be (patch) | |
| tree | 0c7024a6c7ab32d42e109936bd8f9a242a0c4b6a | |
| parent | d47265b5ac64c3e0cea7e3c00d37aec9e0c667c5 (diff) | |
| download | bluetooth-fea68267b586dfeffcff2cb71ac53bb0941bc1be.tar.gz bluetooth-fea68267b586dfeffcff2cb71ac53bb0941bc1be.tar.bz2 bluetooth-fea68267b586dfeffcff2cb71ac53bb0941bc1be.zip | |
Mesh: Fix crash due to derefence of NULL pointersubmit/tizen/20200913.230045accepted/tizen/unified/20200914.131334
This patch fix the crash occured due to dererencing without null check
(gdb) bt
0 0xf7051b4a in g_slist_length () from /lib/libglib-2.0.so.0
1 0xf716ab6c in __bt_mesh_destroy_network_handles (net=net@entry=0x1fc9100) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:869
2 0xf716ae14 in __bt_mesh_destroy_network_handles (net=0x1fc9100) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:854
3 __mesh_unload_network_configurations (data=0x1fc9100, user_data=<optimized out>) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:709
4 0xf7051b6c in g_slist_foreach () from /lib/libglib-2.0.so.0
5 0xf716bc9e in bt_mesh_deinitialize () at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:731
Change-Id: I25aee100d88f4fa281cdeb6f04b64bf6d60184ff
Signed-off-by: Abhay Agarwal <ay.agarwal@samsung.com>
| -rw-r--r-- | src/bluetooth-mesh.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/bluetooth-mesh.c b/src/bluetooth-mesh.c index dfc0c3b..6798f35 100644 --- a/src/bluetooth-mesh.c +++ b/src/bluetooth-mesh.c @@ -338,6 +338,10 @@ int __bt_check_mesh_init_status(void) static void __bt_mesh_free_models(void *data) { bt_mesh_model_s *model = (bt_mesh_model_s*)data; + + if (!model) + return; + model_list = g_slist_remove(model_list, model); g_free(model); } @@ -345,6 +349,10 @@ static void __bt_mesh_free_models(void *data) static void __bt_mesh_free_elements(void *data) { bt_mesh_element_s *elem = (bt_mesh_element_s*)data; + + if (!elem) + return; + element_list = g_slist_remove(element_list, elem); g_slist_free_full(elem->models, __bt_mesh_free_models); g_free(elem); @@ -354,6 +362,10 @@ static void __bt_mesh_free_elements(void *data) static void __bt_mesh_free_appkeys(void *data) { bt_mesh_appkey_s *appkey = (bt_mesh_appkey_s*)data; + + if (!appkey) + return; + appkey_list = g_slist_remove(appkey_list, appkey); g_free(appkey); } @@ -864,6 +876,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net) bt_mesh_node_s *node_s = (bt_mesh_node_s*)l->data; l = g_slist_next(l); + if (!node_s) + continue; + net->nodes = g_slist_remove(net->nodes, node_s); node_list = g_slist_remove(node_list, node_s); BT_INFO("Mesh: Total elements present in Node [%d]", @@ -880,6 +895,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net) bt_mesh_netkey_s *netkey_s = (bt_mesh_netkey_s*)l->data; l = g_slist_next(l); + if (!netkey_s) + continue; + net->netkeys = g_slist_remove(net->netkeys, netkey_s); netkey_list = g_slist_remove(netkey_list, netkey_s); BT_INFO("Mesh: Total appkeys present in Netkey [%d]", @@ -895,6 +913,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net) bt_mesh_group_s *group_s = (bt_mesh_group_s*)l->data; l = g_slist_next(l); + if (!group_s) + continue; + net->groups = g_slist_remove(net->groups, group_s); group_list = g_slist_remove(group_list, group_s); g_free(group_s); |