This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new 4fb2801ed nimble/ll: Fix NULL pointer dereference
4fb2801ed is described below
commit 4fb2801edf0ec5caa19988884a6e2852a5cbf8b5
Author: Mariusz Skamra <[email protected]>
AuthorDate: Thu Jul 17 09:04:24 2025 +0200
nimble/ll: Fix NULL pointer dereference
This fixes possible NULL pointer dereference in
ble_ll_sched_rmv_elem_type that could happen if 'g_ble_ll_sched_q'
queue is empty.
Uninitialized 'first_removed' variable has been fixed as well.
---
nimble/controller/src/ble_ll_sched.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/nimble/controller/src/ble_ll_sched.c
b/nimble/controller/src/ble_ll_sched.c
index 7f1ac9605..c2ec46a43 100644
--- a/nimble/controller/src/ble_ll_sched.c
+++ b/nimble/controller/src/ble_ll_sched.c
@@ -930,10 +930,13 @@ ble_ll_sched_rmv_elem_type(uint8_t type,
sched_remove_cb_func remove_cb)
OS_ENTER_CRITICAL(sr);
first = TAILQ_FIRST(&g_ble_ll_sched_q);
- if (first->sched_type == type) {
- first_removed = 1;
+ if (!first) {
+ OS_EXIT_CRITICAL(sr);
+ return;
}
+ first_removed = first->sched_type == type;
+
TAILQ_FOREACH(entry, &g_ble_ll_sched_q, link) {
if (entry->sched_type != type) {
continue;
