diff options
author | Nate Weibley <nate.weibley@prioria.com> | 2015-05-13 11:19:29 -0400 |
---|---|---|
committer | Nate Weibley <nate.weibley@prioria.com> | 2015-05-13 11:33:11 -0400 |
commit | b4e7b041cac7a937df3ea4e84dc943bff809fb55 (patch) | |
tree | 14482a3ff05e0f074b105d86c1c57894e3a7a29b /src/modules/mavlink | |
parent | 66b87ac7618d2e886b5389e3eef50af182b32f25 (diff) | |
download | px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.gz px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.tar.bz2 px4-firmware-b4e7b041cac7a937df3ea4e84dc943bff809fb55.zip |
Fix potential null pointer deref if Mavlink start fails before task_main loop
LL_APPEND is called just before the loop spins up but various error conditions can cause the task to exit before then.
When that happens Mavlink::start_helper calls delete on the instance which tries to prune it from the global list.
If this is the first Mavlink instance to attempt starting the list head is null and we hardfault in the Mavlink dtor.
Only call LL_DELETE after checking the list head for a null pointer.
Diffstat (limited to 'src/modules/mavlink')
-rw-r--r-- | src/modules/mavlink/mavlink_main.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/modules/mavlink/mavlink_main.cpp b/src/modules/mavlink/mavlink_main.cpp index 326b0b5ab..a76abc298 100644 --- a/src/modules/mavlink/mavlink_main.cpp +++ b/src/modules/mavlink/mavlink_main.cpp @@ -249,7 +249,9 @@ Mavlink::~Mavlink() } while (_task_running); } - LL_DELETE(_mavlink_instances, this); + if (_mavlink_instances) { + LL_DELETE(_mavlink_instances, this); + } } void |