Mesh: Fix crash due to derefence of NULL pointer 46/243946/1 accepted/tizen/unified/20200914.131334 submit/tizen/20200913.230045
authorAbhay Agarwal <ay.agarwal@samsung.com>
Fri, 11 Sep 2020 09:36:37 +0000 (15:06 +0530)
committerAbhay Agarwal <ay.agarwal@samsung.com>
Fri, 11 Sep 2020 09:56:01 +0000 (15:26 +0530)
This patch fixes the crash that occurred due to dereferencing a pointer without a NULL check

(gdb) bt
0  0xf7051b4a in g_slist_length () from /lib/libglib-2.0.so.0
1  0xf716ab6c in __bt_mesh_destroy_network_handles (net=net@entry=0x1fc9100) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:869
2  0xf716ae14 in __bt_mesh_destroy_network_handles (net=0x1fc9100) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:854
3  __mesh_unload_network_configurations (data=0x1fc9100, user_data=<optimized out>) at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:709
4  0xf7051b6c in g_slist_foreach () from /lib/libglib-2.0.so.0
5  0xf716bc9e in bt_mesh_deinitialize () at /usr/src/debug/capi-network-bluetooth-0.6.0/src/bluetooth-mesh.c:731

Change-Id: I25aee100d88f4fa281cdeb6f04b64bf6d60184ff
Signed-off-by: Abhay Agarwal <ay.agarwal@samsung.com>
src/bluetooth-mesh.c

index dfc0c3b..6798f35 100644 (file)
@@ -338,6 +338,10 @@ int __bt_check_mesh_init_status(void)
 static void __bt_mesh_free_models(void *data)
 {
        bt_mesh_model_s *model = (bt_mesh_model_s*)data;
+
+       if (!model)
+               return;
+
        model_list = g_slist_remove(model_list, model);
        g_free(model);
 }
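Review bot: The new guard in `__bt_mesh_free_models` returns silently, so a NULL entry reaching this destroy callback leaves no trace of where it came from; the same applies to the guards added in `__bt_mesh_free_elements` and `__bt_mesh_free_appkeys` in the next two hunks. These callbacks receive list data, so a NULL here presumably means a NULL handle was stored in a list earlier, and that insertion site is the real defect. I would log before returning, e.g. `BT_INFO("Mesh: NULL model handle passed to free callback");`, and add a comment such as `/* NULL data means a bad list entry: nothing to unlink or free */` so the guard is not mistaken for normal control flow.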
@@ -345,6 +349,10 @@ static void __bt_mesh_free_models(void *data)
 static void __bt_mesh_free_elements(void *data)
 {
        bt_mesh_element_s *elem = (bt_mesh_element_s*)data;
+
+       if (!elem)
+               return;
+
        element_list = g_slist_remove(element_list, elem);
        g_slist_free_full(elem->models, __bt_mesh_free_models);
        g_free(elem);
@@ -354,6 +362,10 @@ static void __bt_mesh_free_elements(void *data)
 static void __bt_mesh_free_appkeys(void *data)
 {
        bt_mesh_appkey_s *appkey = (bt_mesh_appkey_s*)data;
+
+       if (!appkey)
+               return;
+
        appkey_list = g_slist_remove(appkey_list, appkey);
        g_free(appkey);
 }
@@ -864,6 +876,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net)
                bt_mesh_node_s *node_s = (bt_mesh_node_s*)l->data;
                l = g_slist_next(l);
 
+               if (!node_s)
+                       continue;
+
                net->nodes = g_slist_remove(net->nodes, node_s);
                node_list = g_slist_remove(node_list, node_s);
                BT_INFO("Mesh: Total elements present in Node [%d]",
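Review bot: The `if (!node_s) continue;` guard may not cover the crash quoted in the commit message: the backtrace faults inside `g_slist_length()`, which accepts a NULL list, so the pointer it walked was probably non-NULL but invalid (for example a stale `node_s` whose list was already freed). This is inferred from the trace, since the `BT_INFO` argument lies outside the hunk. A NULL check cannot detect a dangling handle, so it is worth confirming under AddressSanitizer or valgrind whether a node can be freed elsewhere while still linked in `net->nodes`. Separately, `continue` skips the `g_slist_remove` calls, so the cell holding NULL stays in `net->nodes` unless the list is freed after the loop, which is not visible here; `net->nodes = g_slist_remove(net->nodes, NULL);` before the `continue` would unlink it. Both points apply equally to the `netkey_s` and `group_s` guards in the two following hunks, and the loop bodies start and end outside the hunks.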
@@ -880,6 +895,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net)
                bt_mesh_netkey_s *netkey_s = (bt_mesh_netkey_s*)l->data;
                l = g_slist_next(l);
 
+               if (!netkey_s)
+                       continue;
+
                net->netkeys = g_slist_remove(net->netkeys, netkey_s);
                netkey_list = g_slist_remove(netkey_list, netkey_s);
                BT_INFO("Mesh: Total appkeys present in Netkey [%d]",
@@ -895,6 +913,9 @@ static void __bt_mesh_destroy_network_handles(bt_mesh_network_s *net)
                bt_mesh_group_s *group_s = (bt_mesh_group_s*)l->data;
                l = g_slist_next(l);
 
+               if (!group_s)
+                       continue;
+
                net->groups = g_slist_remove(net->groups, group_s);
                group_list = g_slist_remove(group_list, group_s);
                g_free(group_s);