samples: wifi: radio_test: Fix crash during temp and rssi get
Getting temperature and RSSI don't take any args, but due to copy-paste
the code tries to parse the args argv[1] without any NULL or boundary
checks causing a crash.

This bug is quite old but in RF53 (and 52) the address 0x0 is a valid
address, so, the conversion to string passed though it returns garbage
and the check for the returned value is completely unnecessary so it
doesn't matter if that is invoked or not, so, this issue was hidden.

In nRF54H the address 0x0 is not mapped, leading to a crash.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
krish2718 committed Nov 14, 2024
1 parent c94e86f commit 63049e9
Showing 1 changed file with 2 additions and 32 deletions.
34 changes: 2 additions & 32 deletions samples/wifi/radio_test/src/nrf_wifi_radio_test_shell.c
Expand Up @@ -1617,27 +1617,12 @@ static int nrf_wifi_radio_get_temperature(const struct shell *shell,
const char *argv[])
{
enum nrf_wifi_status status = NRF_WIFI_STATUS_FAIL;
char *ptr = NULL;
unsigned long val = 0;
int ret = -ENOEXEC;

val = strtoul(argv[1], &ptr, 10);

if (val > 1) {
shell_fprintf(shell,
SHELL_ERROR,
"Invalid value %lu\n",
val);
shell_help(shell);
if (!check_test_in_prog(shell)) {
goto out;
}

if (val == 1) {
if (!check_test_in_prog(shell)) {
goto out;
}
}

ctx->rf_test_run = true;
ctx->rf_test = NRF_WIFI_RF_TEST_GET_TEMPERATURE;
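Review bot: check_test_in_prog(shell) at the top of nrf_wifi_radio_get_temperature() now runs on every invocation, whereas the removed code only reached it inside `if (val == 1)`. The commit message explains the argv[1] dereference but does not mention this change in when the in-progress check applies; please confirm it is intended and state it in the message, since a caller that previously got a temperature reading while a test was running may now be sent to `out` with ret still at -ENOEXEC.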

Expand All @@ -1664,27 +1649,12 @@ static int nrf_wifi_radio_get_rf_rssi(const struct shell *shell,
const char *argv[])
{
enum nrf_wifi_status status = NRF_WIFI_STATUS_FAIL;
char *ptr = NULL;
unsigned long val = 0;
int ret = -ENOEXEC;

val = strtoul(argv[1], &ptr, 10);

if (val > 1) {
shell_fprintf(shell,
SHELL_ERROR,
"Invalid value %lu\n",
val);
shell_help(shell);
if (!check_test_in_prog(shell)) {
goto out;
}

if (val == 1) {
if (!check_test_in_prog(shell)) {
goto out;
}
}

ctx->rf_test_run = true;
ctx->rf_test = NRF_WIFI_RF_TEST_RF_RSSI;
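Review bot: with `val = strtoul(argv[1], &ptr, 10);` gone from nrf_wifi_radio_get_rf_rssi(), nothing in the visible lines reads argv any more, so the "Invalid value" rejection of unexpected input is lost along with the crash. If argv is unused in the rest of the function, mark it with ARG_UNUSED(), and check that the command registration (not shown in this diff) declares no arguments so the shell rejects stray input before the handler is called rather than the handler silently ignoring it. The same point applies to the temperature handler in the previous hunk.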
