From ce540ee6479931e5739ee380886008919b125d4c Mon Sep 17 00:00:00 2001 From: rdkdevpilot Date: Fri, 5 Dec 2025 15:19:56 -0500 Subject: [PATCH] wifi_ctrl_wifiapi_handlers: fix null pointer dereference in wifiapi_handle_get_ApAssocDeviceDiagnosticResult The wifiapi_handle_get_ApAssocDeviceDiagnosticResult function was dereferencing dev_array before checking if it was NULL, which could lead to segmentation faults. This commit adds a null check after allocation and returns early with an error message if the pointer is NULL. Pattern: null_check_before_dereference_reorder --- source/core/wifi_ctrl_wifiapi_handlers.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source/core/wifi_ctrl_wifiapi_handlers.c b/source/core/wifi_ctrl_wifiapi_handlers.c index 89a2ed75d..033e12884 100644 --- a/source/core/wifi_ctrl_wifiapi_handlers.c +++ b/source/core/wifi_ctrl_wifiapi_handlers.c @@ -622,6 +622,10 @@ static void wifiapi_handle_get_ApAssocDeviceDiagnosticResult(char **args, unsign } return; } + if (dev_array == NULL) { + snprintf(result_buf, result_buf_size, "Error: dev_array is NULL\n"); + return; + } char* to_sta_key(uint8_t *mac_address, sta_key_t sta_key) { snprintf(sta_key, STA_KEY_LEN, "%02x:%02x:%02x:%02x:%02x:%02x", mac_address[0], mac_address[1], mac_address[2], @@ -660,11 +664,11 @@ static void wifiapi_handle_get_ApAssocDeviceDiagnosticResult(char **args, unsign dev_array[i].cli_MultipleRetryCount, dev_array[i].cli_MaxDownlinkRate, dev_array[i].cli_MaxUplinkRate, dev_array[i].cli_activeNumSpatialStreams, dev_array[i].cli_TxFrames, dev_array[i].cli_RxRetries, dev_array[i].cli_RxErrors); + } if (dev_array != NULL) { free(dev_array); dev_array = NULL; } - } } void process_wifiapi_command(char *command, unsigned int len)