Accessing a returned null pointer

[thcu-gp]

iotivity-constrained/api/oc_endpoint.c

Line 75 in 024df21

oc_endpoint_t *endpoint = oc_memb_alloc(&oc_endpoints_s);

And potentially other places that involve oc_memb_alloc.

Description:
If OC_DYNAMIC_ALLOCATION is disabled, oc_memb_alloc returns a pointer to a part of a statically allocated structure buffer with compile-time defined size. It returns NULL if no more space is available in the buffer. The return value is not checked for validity.
Since we never know how many endpoints will be present in an incoming packet, it is possible to overflow the buffer, causing the code to try to access a NULL pointer.

Proposal:
Add NULL-checks and graceful handle a returned NULL pointer

[kmaloor]

@thcu-gp Thanks for reporting this. I have just posted a patch for it. (FYI, you're free to submit patches through gerrit.iotivity.org)

And potentially other places that involve oc_memb_alloc.

I looked and found only one other spot in oc_obt, which has also been patched.

Proposal:
Add NULL-checks and graceful handle a returned NULL pointer

Added, and I believe we gracefully handle NULL pointers in such cases.
Please let me know if you find otherwise.