From 61c5ddab38c494eabe80c19d12299094084b5ffa Mon Sep 17 00:00:00 2001
From: "E. Scott Daniels" <daniels@research.att.com>
Date: Tue, 9 Apr 2019 19:59:42 +0000
Subject: [PATCH] Fix potential nil pointer error in msg allocation

Header pointer returned by NNG function was not checked for
nil value and could result in nil pointer use.

Change-Id: Ib30c148c27a0304fe10b85fe2e9cb2a6349ca26e
Signed-off-by: E. Scott Daniels <daniels@research.att.com>
---
 src/nng/src/sr_nng_static.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/nng/src/sr_nng_static.c b/src/nng/src/sr_nng_static.c
index 8e326e3..a99b3de 100644
--- a/src/nng/src/sr_nng_static.c
+++ b/src/nng/src/sr_nng_static.c
@@ -131,8 +131,9 @@ static rmr_mbuf_t* alloc_zcmsg( uta_ctx_t* ctx, rmr_mbuf_t* msg, int size, int s
 	}
 
 	msg->header = nng_msg_body( msg->tp_buf );
-	hdr = (uta_mhdr_t *) msg->header;
-	hdr->rmr_ver = RMR_MSG_VER;								// version info should we need to recognised old style messages someday
+	if( (hdr = (uta_mhdr_t *) msg->header) != NULL ) {
+		hdr->rmr_ver = RMR_MSG_VER;								// version info should we need to recognised old style messages someday
+	}
 	msg->len = 0;											// length of data in the payload
 	msg->alloc_len = mlen;									// length of allocated payload
 	msg->payload = msg->header + sizeof( uta_mhdr_t );		// point past header to payload (single buffer allocation above)
-- 
2.16.6