diff --git a/CHANGELOG b/CHANGELOG index b7baeb42..f1a32cea 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -57,6 +57,9 @@ HISTORY ++ Bugfixes: + 2011-09-20: Simon Goldschmidt + * timers.c: fixed bug #34337 (possible NULL pointer in sys_check_timeouts) + 2011-09-11: Simon Goldschmidt * tcp_out.c: use pcb->mss instead of TCP_MSS for preallocate mss-sized pbufs (bug #34019) diff --git a/src/core/timers.c b/src/core/timers.c index 3c4f8d1d..5ae6d0c4 100644 --- a/src/core/timers.c +++ b/src/core/timers.c @@ -416,15 +416,15 @@ sys_untimeout(sys_timeout_handler handler, void *arg) void sys_check_timeouts(void) { - struct sys_timeo *tmptimeout; - u32_t diff; - sys_timeout_handler handler; - void *arg; - int had_one; - u32_t now; - - now = sys_now(); if (next_timeout) { + struct sys_timeo *tmptimeout; + u32_t diff; + sys_timeout_handler handler; + void *arg; + u8_t had_one; + u32_t now; + + now = sys_now(); /* this cares for wraparounds */ diff = LWIP_U32_DIFF(now, timeouts_last_time); do @@ -434,7 +434,7 @@ sys_check_timeouts(void) #endif /* PBUF_POOL_FREE_OOSEQ */ had_one = 0; tmptimeout = next_timeout; - if (tmptimeout->time <= diff) { + if (tmptimeout && (tmptimeout->time <= diff)) { /* timeout has expired */ had_one = 1; timeouts_last_time = now;