浏览代码

qcacmn: fix null-ptr-deref Read issue

Add sanity check in function target_if_init_spectral_capability
to avoid null-ptr-deref read issue.

Change-Id: Iccd79051ee8294f421704eadbedf6c9d9bf9a7b9
CRs-Fixed: 2692688
Paul Zhang 5 年之前
父节点
当前提交
a027a582cc
共有 1 个文件被更改,包括 17 次插入12 次删除
  1. 17 12
      target_if/spectral/target_if_spectral.c

+ 17 - 12
target_if/spectral/target_if_spectral.c

@@ -1554,18 +1554,23 @@ target_if_init_spectral_capability(struct target_if_spectral *spectral,
 		pcap->agile_spectral_cap_80p80 = false;
 	}
 
-	for (param_idx = 0; param_idx < num_bin_scaling_params; param_idx++) {
-		if (scaling_params[param_idx].pdev_id == pdev_id) {
-			pcap->is_scaling_params_populated = true;
-			pcap->formula_id = scaling_params[param_idx].formula_id;
-			pcap->low_level_offset =
-				scaling_params[param_idx].low_level_offset;
-			pcap->high_level_offset =
-				scaling_params[param_idx].high_level_offset;
-			pcap->rssi_thr = scaling_params[param_idx].rssi_thr;
-			pcap->default_agc_max_gain =
-				scaling_params[param_idx].default_agc_max_gain;
-			break;
+	if (scaling_params) {
+		for (param_idx = 0; param_idx < num_bin_scaling_params;
+		     param_idx++) {
+			if (scaling_params[param_idx].pdev_id == pdev_id) {
+				pcap->is_scaling_params_populated = true;
+				pcap->formula_id =
+				    scaling_params[param_idx].formula_id;
+				pcap->low_level_offset =
+				    scaling_params[param_idx].low_level_offset;
+				pcap->high_level_offset =
+				    scaling_params[param_idx].high_level_offset;
+				pcap->rssi_thr =
+				    scaling_params[param_idx].rssi_thr;
+				pcap->default_agc_max_gain =
+				 scaling_params[param_idx].default_agc_max_gain;
+				break;
+			}
 		}
 	}