It looks like an incorrect check is being done for the TLV type in the ecp_rx_ProcessFrame() function in qbg/ecp.c. Right after a new, unpacked TLV is created, a check is done on the decoded tlv_length value and the tlv->type from the, currently blank, unpacked TLV structure. This should be tlv_type from the recently decoded structure above.
I am just documenting this as it was caught while reviewing PR #104, but it is a pre-existing issue. It should be a quick fix once I have time.
"I'm seeing other issues in this function besides memory leaks. I'll probably create a PR for it once I've had more time to review it. In any case, I would combine this free with a `tlv = NULL;` for safety."
Originally posted by @penguin359 in #104 (comment)
It looks like an incorrect check is being done for the TLV type in the
ecp_rx_ProcessFrame()function in qbg/ecp.c. Right after a new, unpacked TLV is created, a check is done on the decodedtlv_lengthvalue and thetlv->typefrom the, currently blank, unpacked TLV structure. This should betlv_typefrom the recently decoded structure above.I am just documenting this as it was caught while reviewing PR #104, but it is a pre-existing issue. It should be a quick fix once I have time.
Originally posted by @penguin359 in #104 (comment)