The message can be emitted without the fields being present. In this case ber
or rssi is 0 (NULL), resulting in a null pointer dereference.
---
 drivers/qmimodem/netmon.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/qmimodem/netmon.c b/drivers/qmimodem/netmon.c
index 14a55632e8a6..729879ce73d8 100644
--- a/drivers/qmimodem/netmon.c
+++ b/drivers/qmimodem/netmon.c
@@ -89,8 +89,8 @@ static void get_rssi_cb(struct qmi_result *result, void 
*user_data)
 
        /* RSSI */
        rssi = qmi_result_get(result, 0x11, &len);
-       num = GUINT16_FROM_LE(rssi->count);
        if (rssi) {
+               num = GUINT16_FROM_LE(rssi->count);
                for (i = 0; i < num; i++) {
                        DBG("RSSI: %hhu on RAT %hhd",
                                rssi->info[i].rssi,
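Review bot: Between `qmi_result_get(result, 0x11, &len)` and the loop, nothing on the new side compares `len` with the size that `rssi->count` implies, so a count supplied by the modem is the only bound on the reads of `rssi->info[i]`. A TLV that is shorter than its count claims would make the loop read past the end of the result buffer. A guard right after the assignment would close that, something like `if (len < sizeof(*rssi) + num * sizeof(rssi->info[0])) num = 0;`, assuming `info` is a trailing array of the struct, which this hunk does not show. The same applies to the `ber` TLV in the second hunk; get_rssi_cb starts and ends outside both hunks.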
@@ -126,8 +126,8 @@ static void get_rssi_cb(struct qmi_result *result, void 
*user_data)
 
        /* Bit error rate */
        ber = qmi_result_get(result, 0x15, &len);
-       num = GUINT16_FROM_LE(ber->count);
        if (ber) {
+               num = GUINT16_FROM_LE(ber->count);
                for (i = 0; i < ber->count; i++) {
                        DBG("Bit error rate: %hu on RAT %hhd",
                                GUINT16_FROM_LE(ber->info[i].rate),
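Review bot: The loop condition still reads the raw `ber->count`, while the converted value in `num` is not used by any line visible here. On a big-endian host the raw field is byte-swapped, so the bound would be wrong and could run well past the entries actually present. The RSSI loop above iterates on `num`, and this one should match: `for (i = 0; i < num; i++) {`. The rest of the loop body lies outside the hunk.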
-- 
2.21.0
