I have encountered an issue culminating in a memcpy to the null address. The cause is as follows, although I'm not entirely sure which of the behaviors are incorrect.
First, the sixtop module periodically sends keepalive messages to known neighbors in `sixtop_sendKA()`. It creates a data packet, but does not make space for `l2_ASNpayload`, which is correspondingly left pointing to `NULL`. Finally, the MAC layer does not verify that the broadcast packet selected by `openqueue_macGetEBPacket` is actually of type `IEEE154_TYPE_BEACON`, nor does it null-check the `l2_ASNpayload` pointer when it performs a memcpy in line 970 of `IEEE802154E.c`.
I believe the `openqueue_macGetEBPacket()` function should be amended as follows. The change certainly fixes the null memcpy, but I don't know if it's the appropriate behavior for the module.
Perhaps someone with expertise here can chime in. Thanks!
Based on tag `GB_REL-1.3.0`. The software is running on custom development boards.
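A simplified C model of the failure described in this report, added here as an illustration; it is not OpenWSN code and not the amendment the post refers to. The struct, constants and function names are assumptions made for the example: it contrasts a selector with no frame-type check against one that filters on type and on a reserved ASN field, plus a guarded copy.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions, not the OpenWSN definitions). */
enum { FRAME_BEACON, FRAME_DATA };
#define ASN_LEN 5
typedef struct {
    uint8_t  in_use;
    uint8_t  frame_type;
    uint8_t *asn_payload;      /* NULL unless space for the ASN was reserved */
    uint8_t  buf[ASN_LEN];
} pkt_t;

/* Selection with no frame-type check: a queued keepalive can be returned. */
pkt_t *get_eb_unchecked(pkt_t *q, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (q[i].in_use) return &q[i];
    return NULL;
}

/* Hardened selection: only beacons whose ASN field was reserved. */
pkt_t *get_eb_checked(pkt_t *q, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (q[i].in_use && q[i].frame_type == FRAME_BEACON &&
            q[i].asn_payload != NULL)
            return &q[i];
    return NULL;
}

/* Defence in depth at the copy site: refuse instead of copying to NULL. */
int write_asn(pkt_t *p, const uint8_t asn[ASN_LEN]) {
    if (p == NULL || p->frame_type != FRAME_BEACON || p->asn_payload == NULL)
        return -1;
    memcpy(p->asn_payload, asn, ASN_LEN);
    return 0;
}

/* Constructed queue: slot 0 is a keepalive (data, no ASN space), slot 1 an EB. */
static pkt_t demo_queue[2];
void demo_init(void) {
    memset(demo_queue, 0, sizeof demo_queue);
    demo_queue[0] = (pkt_t){ .in_use = 1, .frame_type = FRAME_DATA };
    demo_queue[1] = (pkt_t){ .in_use = 1, .frame_type = FRAME_BEACON };
    demo_queue[1].asn_payload = demo_queue[1].buf;
}

int main(void) {
    const uint8_t asn[ASN_LEN] = {1, 2, 3, 4, 5};
    demo_init();
    return write_asn(get_eb_checked(demo_queue, 2), asn);
}
```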