From cfa84954ea64995e1beaf3630041f77a569892d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beat=20K=C3=BCng?= <beat-kueng@gmx.net>
Date: Sat, 25 Feb 2017 07:05:04 +0100
Subject: [PATCH] param_get: add null-pointer check

If param_find() returned PARAM_INVALID, and this was directly passed to
param_get(), param_get_value_ptr() returned null and we read garbage data
(or segfaulted on systems with virtual memory).
On px4fmu-v2, this happened for the param ATT_VIBE_THRESH in sensors.
Because of the recently added parameter scoping, this param got pruned, as
it's defined in attitude_estimator_q.

Credits for finding this go to Jeyong Shin (jeyong).
---
 src/modules/systemlib/param/param.c       | 2 +-
 src/modules/systemlib/param/param_shmem.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/modules/systemlib/param/param.c b/src/modules/systemlib/param/param.c
index 726d9f457d..9eb93e7035 100644
--- a/src/modules/systemlib/param/param.c
+++ b/src/modules/systemlib/param/param.c
@@ -531,7 +531,7 @@ param_get(param_t param, void *val)
 
 	const void *v = param_get_value_ptr(param);
 
-	if (val != NULL) {
+	if (val && v) {
 		memcpy(val, v, param_size(param));
 		result = 0;
 	}
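Review bot: In param_get() in param.c, the new `if (val && v)` test makes the function skip the memcpy without a trace when v is NULL, so the caller's buffer keeps whatever it held before the call. That is only safe if `result` carries an error value on this path and the caller checks it; the initialization of `result` is above the hunk and not visible here, so please confirm it is non-zero by default. The case in the commit message (the param_find() result passed straight into param_get() in sensors) suggests at least one caller does not check, so it would help to also fix that call site to test for PARAM_INVALID, and to state in the function's comment that val is left unmodified on failure. Minor style point: the old line used `val != NULL`; if the file prefers explicit comparisons, `val != NULL && v != NULL` keeps it consistent.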
diff --git a/src/modules/systemlib/param/param_shmem.c b/src/modules/systemlib/param/param_shmem.c
index d6a42fbe29..629f0465e7 100644
--- a/src/modules/systemlib/param/param_shmem.c
+++ b/src/modules/systemlib/param/param_shmem.c
@@ -548,7 +548,7 @@ param_get(param_t param, void *val)
 
 	const void *v = param_get_value_ptr(param);
 
-	if (val != NULL) {
+	if (val && v) {
 		memcpy(val, v, param_size(param));
 		result = 0;
 	}
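Review bot: The param_get() fix in param_shmem.c is a line-for-line copy of the one in param.c, and the diffstat lists only these two source files, so nothing guards against the two implementations drifting apart or the check being dropped again. Suggest adding a regression test that calls param_get(PARAM_INVALID, &val) against both backends and asserts a non-zero return with val unchanged. If the two param_get() bodies are otherwise identical around `memcpy(val, v, param_size(param));`, consider factoring the null-checked copy into a shared helper so a future fix only has to land once.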
-- 
GitLab