ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-02-21 02:01:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

uplink_client_base: no deref of invalid connection

Browse Source 
Imagine receiving the signal for an available TX ack or an available RX packet
at the Uplink connection but a later received signal for a link-state change
(to link state "down") at the same connection is handled first and destructs
the Uplink connection before the handling of the former signals. In this case,
the methods 'Uplink_client_base::_conn_tx_handle_ack_avail' and
'Uplink_client_base::_conn_rx_handle_packet_avail' must be guarded against an
unconstructed '_conn' member, but they weren't so far.

Fixes #4384
This commit is contained in:
Martin Stein 2022-01-19 10:27:53 +01:00 committed by Christian Helmuth
parent 83626b18f0
commit 94121e7cd7
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
repos/os/src/drivers/nic/include/drivers/nic/uplink_client_base.h
View File

@ -59,6 +59,9 @@ class Genode::Uplink_client_base : Noncopyable
void _conn_tx_handle_ack_avail()
{
if (!_conn.constructed()) {
return;
}
while (_conn->tx()->ack_avail()) {
_conn->tx()->release_packet(_conn->tx()->get_acked_packet());
@ -67,6 +70,9 @@ class Genode::Uplink_client_base : Noncopyable
void _conn_rx_handle_packet_avail()
{
if (!_conn.constructed()) {
return;
}
bool drv_ready_to_transmit_pkt { _drv_link_state };
bool pkts_transmitted { false };