From b4e7b041cac7a937df3ea4e84dc943bff809fb55 Mon Sep 17 00:00:00 2001
From: Nate Weibley
Date: Wed, 13 May 2015 11:19:29 -0400
Subject: Fix potential null pointer deref if Mavlink start fails before task_main loop LL_APPEND is called just before the loop spins up but various error conditions can cause the task to exit before then. When that happens Mavlink::start_helper calls delete on the instance which tries to prune it from the global list. If this is the first Mavlink instance to attempt starting the list head is null and we hardfault in the Mavlink dtor. Only call LL_DELETE after checking the list head for a null pointer.
---
 src/modules/mavlink/mavlink_main.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/modules/mavlink/mavlink_main.cpp b/src/modules/mavlink/mavlink_main.cpp
index 326b0b5ab..a76abc298 100644
--- a/src/modules/mavlink/mavlink_main.cpp
+++ b/src/modules/mavlink/mavlink_main.cpp
@@ -249,7 +249,9 @@ Mavlink::~Mavlink()
 } while (_task_running);
 }
- LL_DELETE(_mavlink_instances, this);
+ if (_mavlink_instances) {
+ LL_DELETE(_mavlink_instances, this);
+ }
 }
 void
-- cgit v1.2.3
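Review bot: The new `if (_mavlink_instances)` guard in `Mavlink::~Mavlink()` only covers an empty list; going by the commit message, an instance can also fail before `LL_APPEND` while other instances are already registered, and then `LL_DELETE` still runs on a list that never contained `this`. That path is safe only if the macro walks to the tail and leaves the list untouched when the element is absent, which is worth confirming against the bundled list macros and recording next to the guard, e.g. `// 'this' is linked only just before the task_main loop; the list may be empty or may not contain us if start failed earlier`. Nothing visible in the hunk serialises access to the global `_mavlink_instances`, so if instances can start and stop from different tasks at the same time, the null check and the unlink should run under whatever lock protects the list. The destructor begins above the hunk, so any locking done there is not visible here.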