Skip to content

Commit

Permalink
samples: wifi: radio_test: Fix crash during temp and rssi get
Browse files Browse the repository at this point in the history
Get temperature and RSSI commands don't take any args, but due to
copy-paste, the code tries to parse the args, argv[1] without any NULL
or boundary checks causing a crash.

This bug is quite old but in nRF53 (and 52) the address 0x0 is a valid
address (IIRC mapped to begining of external flash), so, the conversion
to string passes, though it returns garbage but the check for the
returned value is completely unnecessary, so it doesn't matter if that
is invoked or not, because of this, the issue was hidden.

In nRF54H the address 0x0 is not mapped and is considered invalid and
leading to the crash.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
  • Loading branch information
krish2718 authored and rlubos committed Nov 14, 2024
1 parent d0cdd9b commit 1f06433
Showing 1 changed file with 2 additions and 32 deletions.
34 changes: 2 additions & 32 deletions samples/wifi/radio_test/src/nrf_wifi_radio_test_shell.c
Original file line number Diff line number Diff line change
Expand Up @@ -1617,27 +1617,12 @@ static int nrf_wifi_radio_get_temperature(const struct shell *shell,
const char *argv[])
{
enum nrf_wifi_status status = NRF_WIFI_STATUS_FAIL;
char *ptr = NULL;
unsigned long val = 0;
int ret = -ENOEXEC;

val = strtoul(argv[1], &ptr, 10);

if (val > 1) {
shell_fprintf(shell,
SHELL_ERROR,
"Invalid value %lu\n",
val);
shell_help(shell);
if (!check_test_in_prog(shell)) {
goto out;
}

if (val == 1) {
if (!check_test_in_prog(shell)) {
goto out;
}
}

ctx->rf_test_run = true;
ctx->rf_test = NRF_WIFI_RF_TEST_GET_TEMPERATURE;

Expand All @@ -1664,27 +1649,12 @@ static int nrf_wifi_radio_get_rf_rssi(const struct shell *shell,
const char *argv[])
{
enum nrf_wifi_status status = NRF_WIFI_STATUS_FAIL;
char *ptr = NULL;
unsigned long val = 0;
int ret = -ENOEXEC;

val = strtoul(argv[1], &ptr, 10);

if (val > 1) {
shell_fprintf(shell,
SHELL_ERROR,
"Invalid value %lu\n",
val);
shell_help(shell);
if (!check_test_in_prog(shell)) {
goto out;
}

if (val == 1) {
if (!check_test_in_prog(shell)) {
goto out;
}
}

ctx->rf_test_run = true;
ctx->rf_test = NRF_WIFI_RF_TEST_RF_RSSI;

Expand Down

0 comments on commit 1f06433

Please sign in to comment.