From c870c87f2d03556debd854fa816a19a2a43004f4 Mon Sep 17 00:00:00 2001 From: Alexandru M Stan Date: Thu, 4 Jan 2018 12:21:39 -0800 Subject: [PATCH] motion_sense: Check presence of {set,get}_{range,offset} Prevents a null pointer dereference when the AP asks the EC for nonexistent settings of a sensor. BUG=chromium:761758 TEST="ectool motionsense offset ${ID of baro_bmp280 sensor}" And see no null pointer dereference, but an invalid command error BRANCH=master Change-Id: I3050feaa3c9752abebc30237dac1befa4e5775cc Signed-off-by: Alexandru M Stan Reviewed-on: https://chromium-review.googlesource.com/850639 Reviewed-by: Gwendal Grignou --- common/motion_sense.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/motion_sense.c b/common/motion_sense.c index f4d5cd32af..cc2f7bc992 100644 --- a/common/motion_sense.c +++ b/common/motion_sense.c @@ -1218,6 +1218,8 @@ static int host_cmd_motion_sense(struct host_cmd_handler_args *args) in->sensor_range.sensor_num); if (sensor == NULL) return EC_RES_INVALID_PARAM; + if (!sensor->drv->set_range || !sensor->drv->get_range) + return EC_RES_INVALID_COMMAND; /* Set new range if the data arg has a value. */ if (in->sensor_range.data != EC_MOTION_SENSE_NO_VALUE) { @@ -1239,6 +1241,8 @@ static int host_cmd_motion_sense(struct host_cmd_handler_args *args) in->sensor_offset.sensor_num); if (sensor == NULL) return EC_RES_INVALID_PARAM; + if (!sensor->drv->set_offset || !sensor->drv->get_offset) + return EC_RES_INVALID_COMMAND; /* Set new range if the data arg has a value. */ if (in->sensor_offset.flags & MOTION_SENSE_SET_OFFSET) {