From eba1b971c024e489c4dadff98ed4a4c4aeb64465 Mon Sep 17 00:00:00 2001
From: Mikhail Lappo <mikhail.lappo@esrlabs.com>
Date: Wed, 22 Mar 2017 15:42:48 +0100
Subject: [PATCH] Possible null-pointer dereference

In assertion the pointer that is potentialy
null is dereferenced. The check for null was
located after.
---
 src/api/api_msg.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/api/api_msg.c b/src/api/api_msg.c
index 7a8c91e0..8c4ba90a 100644
--- a/src/api/api_msg.c
+++ b/src/api/api_msg.c
@@ -177,14 +177,20 @@ recv_udp(void *arg, struct udp_pcb *pcb, struct pbuf *p,
   LWIP_ASSERT("recv_udp must have a pcb argument", pcb != NULL);
   LWIP_ASSERT("recv_udp must have an argument", arg != NULL);
   conn = (struct netconn *)arg;
+
+  if (conn == NULL) {
+    pbuf_free(p);
+    return;
+  }
+
   LWIP_ASSERT("recv_udp: recv for wrong pcb!", conn->pcb.udp == pcb);
 
 #if LWIP_SO_RCVBUF
   SYS_ARCH_GET(conn->recv_avail, recv_avail);
-  if ((conn == NULL) || !sys_mbox_valid(&conn->recvmbox) ||
+  if (!sys_mbox_valid(&conn->recvmbox) ||
       ((recv_avail + (int)(p->tot_len)) > conn->recv_bufsize)) {
 #else  /* LWIP_SO_RCVBUF */
-  if ((conn == NULL) || !sys_mbox_valid(&conn->recvmbox)) {
+  if (!sys_mbox_valid(&conn->recvmbox)) {
 #endif /* LWIP_SO_RCVBUF */
     pbuf_free(p);
     return;