It is necessary to add checks for NULL before dereferencing pointers. Found with the SVACE static analysis tool.
---
 src/shared/micp.c | 4 ++++
 src/shared/vcp.c | 12 ++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/src/shared/micp.c b/src/shared/micp.c
index b82bd92de..1c34e9d00 100644
--- a/src/shared/micp.c
+++ b/src/shared/micp.c
@@ -398,6 +398,10 @@ static void mics_mute_write(struct gatt_db_attribute *attrib,
 }
 micp_op = iov_pull_mem(&iov, sizeof(*micp_op));
+ if (!micp_op) {
+ DBG(micp, "iov_pull_mem() returned NULL");
+ goto respond;
+ }
 if ((*micp_op == MICS_DISABLED) || (*micp_op != MICS_NOT_MUTED && *micp_op != MICS_MUTED)) {
diff --git a/src/shared/vcp.c b/src/shared/vcp.c
index 06264a241..602d46dc1 100644
--- a/src/shared/vcp.c
+++ b/src/shared/vcp.c
@@ -925,6 +925,10 @@ static void vcs_cp_write(struct gatt_db_attribute *attrib,
 }
 vcp_op = iov_pull_mem(&iov, sizeof(*vcp_op));
+ if (!vcp_op) {
+ DBG(vcp, "iov_pull_mem() returned NULL");
+ goto respond;
+ }
 for (handler = vcp_handlers; handler && handler->str; handler++) {
 if (handler->op != *vcp_op)
@@ -985,6 +989,10 @@ static void vocs_cp_write(struct gatt_db_attribute *attrib,
 }
 vcp_op = iov_pull_mem(&iov, sizeof(*vcp_op));
+ if (!vcp_op) {
+ DBG(vcp, "iov_pull_mem() returned NULL");
+ goto respond;
+ }
 for (handler = vocp_handlers; handler && handler->str; handler++) {
 if (handler->op != *vcp_op)
@@ -1517,6 +1525,10 @@ static void aics_ip_cp_write(struct gatt_db_attribute *attrib,
 }
 aics_op = iov_pull_mem(&iov, sizeof(*aics_op));
+ if (!aics_op) {
+ DBG(vcp, "iov_pull_mem() returned NULL");
+ goto respond;
+ }
 for (handler = aics_handlers; handler && handler->str; handler++) {
 if (handler->op != *aics_op)
--
2.34.1
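Review bot: The new `goto respond` branch in mics_mute_write sets no error status in the lines shown, so a write too short to hold the opcode is presumably answered with whatever value the status variable already held; the same applies to the added branches in vcs_cp_write, vocs_cp_write and aics_ip_cp_write in vcp.c. I would assign the status explicitly before the jump, for example to `BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN`, so the remote client always gets a deterministic ATT error for a truncated write. Because the buffer being parsed is supplied by a remote GATT peer, a short comment above each check such as `/* value is peer-controlled: reject writes too short for the opcode */` would record why the guard must stay. Each function's declarations and its `respond` label lie outside the hunks, so the current default status could not be confirmed from this patch.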