From 33111c910bf8c138f3be1cef99b318e26fb28a04 Mon Sep 17 00:00:00 2001 From: Joel Cunningham Date: Sat, 8 Oct 2016 12:04:15 -0500 Subject: [PATCH] Check for NULL qsort() base pointers There are a couple of places in wpa_supplicant/hostapd where qsort() can be called with a NULL base pointer. This results in undefined behavior according to the C standard and with some standard C libraries (ARM RVCT 2.2) results in a data abort/memory exception. Fix this by skipping such calls since there is nothing needing to be sorted. Signed-off-by: Joel Cunningham --- hostapd/config_file.c | 3 ++- wpa_supplicant/scan.c | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 9c744de5c..8e7bcc7e7 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -208,7 +208,8 @@ static int hostapd_config_read_maclist(const char *fname, fclose(f); - qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); + if (*acl) + qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); return 0; } diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index fb8ebdf2e..bfde0af1f 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -2177,8 +2177,10 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, } #endif /* CONFIG_WPS */ - qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), - compar); + if (scan_res->res) { + qsort(scan_res->res, scan_res->num, + sizeof(struct wpa_scan_res *), compar); + } dump_scan_res(scan_res); wpa_bss_update_start(wpa_s);