From 33eab0b8eb503caa3bfb8c6289dc9f980573c37e Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Wed, 30 Apr 2025 17:09:54 +0200 Subject: [PATCH] contiki: Clear events pointer once consummed This prevent potential access to invalid address, typically after a deletion. This change should be forwarded upstream, once contiki dependency is managed in modular way (using ref to upstream not code dump). Origin: https://github.com/SiliconLabs/UnifySDK/pull/52 Relate-to: https://github.com/SiliconLabsSoftware/z-wave-protocol-controller/pull/94 Relate-to: UIC-3659 Relate-to: https://github.com/SiliconLabsSoftware/z-wave-engine-application-layer/issues/17 Relate-to: https://github.com/SiliconLabsSoftware/z-wave-engine-application-layer/issues/40 Signed-off-by: Philippe Coval --- components/uic_contiki/core/sys/process.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/uic_contiki/core/sys/process.c b/components/uic_contiki/core/sys/process.c index 9b32962d8f..3ecf0505b4 100644 --- a/components/uic_contiki/core/sys/process.c +++ b/components/uic_contiki/core/sys/process.c @@ -313,6 +313,7 @@ static void do_event(void) CC_REENTRANT_ARG data = events[fevent].data; receiver = events[fevent].p; + int fevent_copy = fevent; /* To be cleared once processed */ /* Since we have seen the new event, we move pointer upwards and decrese the number of events. */ @@ -342,6 +343,9 @@ static void do_event(void) CC_REENTRANT_ARG /* Make sure that the process actually is running. */ call_process(receiver, ev, data); } + /* Clear pointer (to potentially unreachable/freed data) */ + events[fevent_copy].data = NULL; + events[fevent_copy].p = NULL; } } /*---------------------------------------------------------------------------*/