From 9cc884a0d3c7a8ac4ddf476d714435f5a52e2016 Mon Sep 17 00:00:00 2001 From: chao an Date: Thu, 30 Jul 2020 11:29:15 +0800 Subject: [PATCH] Bluetooth: Mesh: Fix tx seg buffer with NULL pointer reference Fix tx seg buffer with NULL pointer reference if enable mesh friendly Signed-off-by: chao an --- subsys/bluetooth/mesh/transport.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/subsys/bluetooth/mesh/transport.c b/subsys/bluetooth/mesh/transport.c index 331bae8cd113..645fe743fd4a 100644 --- a/subsys/bluetooth/mesh/transport.c +++ b/subsys/bluetooth/mesh/transport.c @@ -532,6 +532,8 @@ static int send_seg(struct bt_mesh_net_tx *net_tx, struct net_buf_simple *sdu, BT_DBG("seg %u: %s", seg_o, bt_hex(buf, len)); + tx->seg[seg_o] = buf; + if (IS_ENABLED(CONFIG_BT_MESH_FRIEND)) { enum bt_mesh_friend_pdu_type type; @@ -552,11 +554,11 @@ static int send_seg(struct bt_mesh_net_tx *net_tx, struct net_buf_simple *sdu, * out through the Friend Queue. */ k_mem_slab_free(&segs, &buf); - continue; + tx->seg[seg_o] = NULL; } + } - tx->seg[seg_o] = buf; } /* This can happen if segments only went into the Friend Queue */