From 52463fa25b568c16aebc07555fcdd8be1b1c4bfb Mon Sep 17 00:00:00 2001 From: Wayne Uroda Date: Wed, 20 Jan 2016 20:50:08 +0100 Subject: [PATCH] PPP, PPPoS, fix dereference of uninitialised pppos->in_head pointer When I create a new PPP connection, I am seeing a hardfault (segfault) coming from pbuf_free. I traced the problem to an invalid in_head field of the pppos_pcb structure. The field is invalid because the memory is never cleared to zero after the pppos_pcb structure is created in pppos_create(). I was able to fix the issue by adding a memset after the memp_malloc call. Signed-off-by: Sylvain Rochet --- src/netif/ppp/pppos.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/netif/ppp/pppos.c b/src/netif/ppp/pppos.c index 83480659..8e7fcea4 100644 --- a/src/netif/ppp/pppos.c +++ b/src/netif/ppp/pppos.c @@ -184,6 +184,7 @@ ppp_pcb *pppos_create(struct netif *pppif, pppos_output_cb_fn output_cb, return NULL; } + memset(pppos, 0, sizeof(pppos_pcb)); pppos->ppp = ppp; pppos->output_cb = output_cb; return ppp;
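Review bot: The placement of the new `memset(pppos, 0, sizeof(pppos_pcb));` is right, after the `return NULL;` allocation check and before the `pppos->ppp = ppp;` / `pppos->output_cb = output_cb;` assignments, so no field set by the constructor is overwritten; the one refinement worth making is `memset(pppos, 0, sizeof(*pppos));` so the cleared size stays tied to the pointer's type if the struct name or the allocated type ever changes. Nothing in the visible context confirms that `<string.h>` is already included in pppos.c, so check that before merging. The commit message attributes the crash to an uninitialised `in_head`, but the hunk itself clears the whole structure, which is the stronger fix: any other pointer or counter in `pppos_pcb` that the later code assumes starts at zero is covered as well, since `memp_malloc` evidently does not zero the block.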