From 2d82d33ce640fcaf4f5ab1e0c947d190da4433ff Mon Sep 17 00:00:00 2001
From: Ganesh Ganapathi Batta
Date: Mon, 28 Apr 2014 16:21:04 -0700
Subject: [PATCH] Fix Null pointer access in GKI timer library

Change-Id: Iada2d426fe4592416eed988202c14599656b33e4
---
 gki/common/gki_common.h | 1 +
 gki/common/gki_time.c | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/gki/common/gki_common.h b/gki/common/gki_common.h
index ff5a67573..2fadcdc41 100644
--- a/gki/common/gki_common.h
+++ b/gki/common/gki_common.h
@@ -45,6 +45,7 @@
 #define GKI_ERROR_ADDR_NOT_IN_BUF 0xFFF5
 #define GKI_ERROR_OUT_OF_BUFFERS 0xFFF4
 #define GKI_ERROR_GETPOOLBUF_BAD_QID 0xFFF3
+#define GKI_ERROR_TIMER_LIST_CORRUPTED 0xFFF2


 /********************************************************************
diff --git a/gki/common/gki_time.c b/gki/common/gki_time.c
index a9af8fac7..ceda9adb7 100644
--- a/gki/common/gki_time.c
+++ b/gki/common/gki_time.c
@@ -841,8 +841,19 @@ void GKI_add_to_timer_list (TIMER_LIST_Q *p_timer_listq, TIMER_LIST_ENT *p_tle)
 }
 else /* This entry needs to be inserted before the last entry */
 {
- /* Find the entry that the new one needs to be inserted in front of */
 p_temp = p_timer_listq->p_first;
+
+ if (p_temp == NULL)
+ {
+ /* list is corrupted, exit to avoid crash */
+ GKI_TRACE_ERROR_0("GKI_add_to_timer_list : Timerlist Q is empty");
+ GKI_exception(GKI_ERROR_TIMER_LIST_CORRUPTED, "*** "
+ "GKI_add_to_timer_list(): timer list corrupted! ***");
+ return;
+ }
+ /* Find the entry that the new one needs to be inserted in front of
+ * as last_ticks is the expiry value of p_last, it should be inserted
+ * BEFORE p_last. otherwise list is probably corrupted! */
 while (p_tle->ticks > p_temp->ticks)
 {
 /* Update the tick value if looking at an unexpired entry */
-- 
2.11.0
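Review bot: The new NULL check in GKI_add_to_timer_list covers only the initial `p_timer_listq->p_first`, but the `while (p_tle->ticks > p_temp->ticks)` condition right after it dereferences `p_temp` again on every iteration. The loop body runs past the end of this hunk; if it advances with `p_temp = p_temp->p_next` (not visible here), a list whose `last_ticks` disagrees with its entries can still walk off the tail and hit the same NULL dereference this patch is meant to remove. I would guard the walk itself, `while (p_temp != NULL && p_tle->ticks > p_temp->ticks)`, and send a NULL `p_temp` after the loop through the same `GKI_exception(GKI_ERROR_TIMER_LIST_CORRUPTED, ...)` path. Because the function returns `void`, the early `return` also leaves the caller unaware that `p_tle` was never queued, so a comment at the return such as `/* timer is dropped: p_tle is not linked into the list */` would make that consequence explicit.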