2019-07-03 20:54:47

by Stotland, Inga

Subject: [PATCH BlueZ 1/1] mesh: Fix checks when restoring internal model state

This fixes incorrect conditional checks in restore_model_state()
which could lead to dereferencing a NULL pointer.

Wrong: if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) ...
Fixed: if (!l_queue_isempty(mod->bindings) && cbs->bind) ...
---
mesh/model.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mesh/model.c b/mesh/model.c
index a2b3e5c18..e4a7ba94e 100644
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -1077,7 +1077,7 @@ static void restore_model_state(struct mesh_model *mod)
if (!cbs)
return;

- if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) {
+ if (!l_queue_isempty(mod->bindings) && cbs->bind) {
for (b = l_queue_get_entries(mod->bindings); b; b = b->next) {
if (cbs->bind(L_PTR_TO_UINT(b->data), ACTION_ADD) !=
MESH_STATUS_SUCCESS)
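Review bot: the removed condition has its logic inverted relative to the loop it guards: with a non-empty `mod->bindings` and a NULL `bind` callback, `!mod->cbs->bind` is true, the loop body runs and `cbs->bind(...)` is called through a NULL pointer, while with a non-empty queue and a valid callback the body is skipped and the bindings are never restored. The added `if (!l_queue_isempty(mod->bindings) && cbs->bind) {` requires both before entering the loop, which is the right shape. Consider saying in the commit message that the old check also silently skipped restoring bindings in the normal case, since this is a functional fix as well as a crash fix.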
--
2.21.0


2019-07-04 00:16:41

by Gix, Brian

Subject: Re: [PATCH BlueZ 1/1] mesh: Fix checks when restoring internal model state

Applied

On Wed, 2019-07-03 at 13:53 -0700, Inga Stotland wrote:
> This fixes incorrect conditional checks in restore_model_state()
> which could lead to dereferencing a NULL pointer.
>
> Wrong: if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) ...
> Fixed: if (!l_queue_isempty(mod->bindings) && cbs->bind) ...
> ---
> mesh/model.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mesh/model.c b/mesh/model.c
> index a2b3e5c18..e4a7ba94e 100644
> --- a/mesh/model.c
> +++ b/mesh/model.c
> @@ -1077,7 +1077,7 @@ static void restore_model_state(struct mesh_model *mod)
> if (!cbs)
> return;
>
> - if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) {
> + if (!l_queue_isempty(mod->bindings) && cbs->bind) {
> for (b = l_queue_get_entries(mod->bindings); b; b = b->next) {
> if (cbs->bind(L_PTR_TO_UINT(b->data), ACTION_ADD) !=
> MESH_STATUS_SUCCESS)
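Review bot: the new line tests `cbs->bind` on the local `cbs` that is NULL-checked by the `if (!cbs) return;` at the top of the hunk, whereas the removed line dereferenced `mod->cbs->bind`, which that guard does not cover; using the checked local consistently (as the loop body already does with `cbs->bind(...)`) is the part that closes the gap between the guard and the use, and is worth a mention in the description alongside the `||` to `&&` change.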