Part Number: CC2630
Hello,
it seems there is a bug in zstart.c in the function Zstart_addToBlackList
bool Zstart_addToBlackList(uint8_t *pExtendedPANID, uint16_t router)
{
bool ret = false;
// Validity check
if( pExtendedPANID && (memcmp(pExtendedPANID,
dummyPANID, EXT_PANID_LEN) != 0) )
{
if(zstart_existBlackList(pExtendedPANID, router) == false)
{
zstart_bl_item *pAddItem;
pAddItem = ICall_malloc( sizeof(zstart_bl_item) );
if(pAddItem)
{
zstart_bl_item *pItem = pBlItems;
// Build new entry
memcpy(pAddItem->extendedPANID, pExtendedPANID,
EXT_PANID_LEN);
pAddItem->router = router;
pAddItem->next = NULL;
/* code in question */
// Look for the end of the list
while(pItem->next)
{
pItem = pItem->next;
}
if(pItem)
{
pItem->next = pAddItem;
}
else
{
pBlItems = pAddItem;
}
/* code in question */
// Add entry to NV
zstart_addBlackListNV(pExtendedPANID, router);
ret = true;
}
}
}
return(ret);
}
I put the lines in question into bold letters. in this case pItem->next is accessed without prior checking if pItem exists i.e. if it's null.
i think it should be changed to
if(pItem)
{
// Look for the end of the list
while(pItem->next)
{
pItem = pItem->next;
}
pItem->next = pAddItem;
}
else
{
pBlItems = pAddItem;
}
