Fix potential null pointer deref if Mavlink start fails before task_main loop

LL_APPEND is called just before the loop spins up but various error conditions can cause the task to exit before then. When that happens Mavlink::start_helper calls delete on the instance which tries to prune it from the global list. If this is the first Mavlink instance to attempt starting the list head is null and we hardfault in the Mavlink dtor. Only call LL_DELETE after checking the list head for a null pointer.
author: Nate Weibley <nate.weibley@prioria.com> 2015-05-13 11:19:29 -0400
committer: Nate Weibley <nate.weibley@prioria.com> 2015-05-13 11:33:11 -0400
commit: b4e7b041cac7a937df3ea4e84dc943bff809fb55 (patch)
tree: 14482a3ff05e0f074b105d86c1c57894e3a7a29b /src/modules/mavlink/mavlink_main.cpp
parent: 66b87ac7618d2e886b5389e3eef50af182b32f25 (diff)
download: px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.gz
px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.bz2
px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/modules/mavlink/mavlink_main.cpp b/src/modules/mavlink/mavlink_main.cpp
index 326b0b5ab..a76abc298 100644
--- a/src/modules/mavlink/mavlink_main.cpp
+++ b/src/modules/mavlink/mavlink_main.cpp
@@ -249,7 +249,9 @@ Mavlink::~Mavlink()
 		} while (_task_running);
 	}
 
-	LL_DELETE(_mavlink_instances, this);
+	if (_mavlink_instances) {
+		LL_DELETE(_mavlink_instances, this);
+	}
 }
 
 void
author	Nate Weibley <nate.weibley@prioria.com>	2015-05-13 11:19:29 -0400
committer	Nate Weibley <nate.weibley@prioria.com>	2015-05-13 11:33:11 -0400
commit	b4e7b041cac7a937df3ea4e84dc943bff809fb55 (patch)
tree	14482a3ff05e0f074b105d86c1c57894e3a7a29b /src/modules/mavlink/mavlink_main.cpp
parent	66b87ac7618d2e886b5389e3eef50af182b32f25 (diff)
download	px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.gz px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.bz2 px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.zip