zhhyu7 opened a new pull request, #18723: URL: https://github.com/apache/nuttx/pull/18723
## Summary

This PR fixes 7 independent bugs found across the NuttX network subsystem.

## Impact

### 1. bluetooth: fix null pointer dereference in bluetooth_sendmsg

Move the NULL check for `radio` pointer before the `DEBUGASSERT` that dereferences it. Previously, `DEBUGASSERT(radio->r_dev.d_lltype == ...)` was executed before verifying `radio != NULL`, which would crash when assertions are enabled and the device is not found.

### 2. icmp: use break instead of return in icmp_findconn

Replace `return conn` with `break` inside the loop in `icmp_findconn()`. This ensures any post-loop logic (e.g., cleanup or unlocking) is properly executed before returning.

### 3. icmpv6: fix wrong logical operator in recvmsg validation

Change `&&` to `||` in the `fromlen` validation of `icmpv6_recvmsg()`. The original condition `fromlen == NULL && *fromlen < sizeof(...)` would dereference `fromlen` only when it's not NULL (due to short-circuit), making the NULL check meaningless. The correct logic is: reject if `fromlen` is NULL **or** the buffer is too small.

### 4. mld: remove duplicate net_unlock in mld_timer

Remove a redundant `net_unlock()` call in the early return path of `mld_gendog_work()`. The network lock is already released at the common exit path, so this would cause a double-unlock.

### 5. netfilter: fix match name for UDP in ipt_filter

In both `convert_ipv4entry()` and `convert_ipv6entry()`, the `IPPROTO_UDP` case was incorrectly comparing against `XT_MATCH_NAME_TCP` instead of `XT_MATCH_NAME_UDP`. This caused UDP filter rules to never match.

### 6. netlink: fix memory leak in netlink_route

Add `kmm_free(alloc)` before returning NULL when `neigh` is NULL in `netlink_get_neighbor()`. Without this, the allocated memory is leaked on the error path.

### 7. route: fix return value of net_writeroute_ipv6

Return `ntotal` (total bytes written) instead of `ret` (result of last write call). This matches the expected semantics of returning the total number of bytes written, consistent with `net_writeroute_ipv4()`.

All fixes are in the `net/` subsystem. Each fix addresses a correctness or robustness issue. No functional behavior changes beyond the bug fixes.

## Testing

Build and runtime verification on affected network paths.
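Items 2 and 4 of the description are both lock-balance bugs on an exit path. The following is an added example, not code from the pull request or from NuttX: it models the lock as a counter so each shape can be checked in a regression test. All names (`find_conn`, `timer_work`, `depth_after`, `g_depth`) are hypothetical, and it assumes the post-loop logic in item 2 is an unlock.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, hypothetical names: a counter stands in for the lock. */
static int g_depth;
static void model_lock(void)   { g_depth++; }
static void model_unlock(void) { g_depth--; }
struct conn { int id; struct conn *next; };

/* Item 2 shape: early_return leaves the loop via return, skipping the unlock. */
static struct conn *find_conn(struct conn *head, int id, int early_return) {
  struct conn *c;
  model_lock();
  for (c = head; c != NULL; c = c->next) {
    if (c->id != id) continue;
    if (early_return) return c;   /* lock is still held here */
    break;
  }
  model_unlock();
  return c;
}

/* Item 4 shape: extra_unlock releases on the early path, then again at out. */
static void timer_work(int nothing_to_do, int extra_unlock) {
  model_lock();
  if (nothing_to_do) {
    if (extra_unlock) model_unlock();
    goto out;
  }
  /* normal work would run here */
out:
  model_unlock();
}

/* Lock depth left behind by one call for the given item (2 or 4);
 * 0 means the exit paths are balanced. */
int depth_after(int item, int buggy) {
  struct conn b = { 2, NULL }, a = { 1, &b };   /* constructed two-entry list */
  g_depth = 0;
  if (item == 2) (void)find_conn(&a, 2, buggy);
  else timer_work(1, buggy);
  return g_depth;
}

int main(void) {
  printf("item 2: buggy=%d fixed=%d; item 4: buggy=%d fixed=%d\n",
         depth_after(2, 1), depth_after(2, 0),
         depth_after(4, 1), depth_after(4, 0));
  return 0;
}
```

A positive depth is a lock left held, and a negative depth is a release of a lock the caller no longer owns.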
