TCNOpen / Tickets / #186 Potential SEGFAULT in case of PD timeout

Components for IEC61375 standardised communication

#186 Potential SEGFAULT in case of PD timeout

Milestone: 1.4.0.0

Status: closed

Owner: Bernd Löhr

Labels: PD (2)

Updated: 2018-05-03

Created: 2018-01-08

Creator: Lorenzo Buzzi

Private: No

In the trdp_pdHandleTimeOuts() function (common/trdp_pdcom.c) the iterPD->pFrame pointer is checked against NULL value in order to avoid NULL dereferencing in the further iterPD->pfCbFunction call.

Anyway some code lines above the check (line 771), the iterPD->pFrame pointer is used 7 times to access ist frameHead subfield without any check.

As far as I can understand in case of timeout the pFrame pointer could (should?) be NULL. So dereferncing pFrame to access frameHead should not be done since leading to a SEGFAULT.

I propose the attached patch to prevent this unenviable scenario.

1 Attachments

05-pd-timeout.patch

Discussion

Bernd Löhr - 2018-01-29

status: unread --> pending

assigned_to: Bernd Löhr
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bernd Löhr - 2018-01-29

You're right, but your patch missed one possible case ;-)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bernd Löhr - 2018-05-03

status: pending --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Potential SEGFAULT in case of PD timeout

Components for IEC61375 standardised communication

Milestone

Searches

Help

#186 Potential SEGFAULT in case of PD timeout

Discussion