Browse Source

fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
John Crispin 5 years ago
parent
commit
c83a84afbe
2 changed files with 13 additions and 2 deletions
  1. 2 0
      blobmsg.c
  2. 11 2
      blobmsg.h

+ 2 - 0
blobmsg.c

@@ -135,6 +135,8 @@ int blobmsg_parse(const struct blobmsg_policy *policy, int policy_len,
 	int i;
 
 	memset(tb, 0, policy_len * sizeof(*tb));
+	if (!data || !len)
+		return -EINVAL;
 	pslen = alloca(policy_len);
 	for (i = 0; i < policy_len; i++) {
 		if (!policy[i].name)

+ 11 - 2
blobmsg.h

@@ -71,8 +71,14 @@ static inline int blobmsg_type(const struct blob_attr *attr)
 
 static inline void *blobmsg_data(const struct blob_attr *attr)
 {
-	struct blobmsg_hdr *hdr = (struct blobmsg_hdr *) blob_data(attr);
-	char *data = (char *) blob_data(attr);
+	struct blobmsg_hdr *hdr;
+	char *data;
+
+	if (!attr)
+		return NULL;
+
+	hdr = (struct blobmsg_hdr *) blob_data(attr);
+	data = (char *) blob_data(attr);
 
 	if (blob_is_extended(attr))
 		data += blobmsg_hdrlen(be16_to_cpu(hdr->namelen));
@@ -84,6 +90,9 @@ static inline int blobmsg_data_len(const struct blob_attr *attr)
 {
 	uint8_t *start, *end;
 
+	if (!attr)
+		return 0;
+
 	start = (uint8_t *) blob_data(attr);
 	end = (uint8_t *) blobmsg_data(attr);