Preventing dereferencing nullptr in case of missing initialisation (#161)

aentinger · web-flow · commit 33bde4b3d14a · 2020-07-08T09:36:55.000+02:00
diff --git a/extras/test/src/test_OTALogic.cpp b/extras/test/src/test_OTALogic.cpp
@@ -49,6 +49,27 @@ void simulateOTABinaryReception(OTALogic & ota_logic, ota::OTAData const & ota_t
    TEST CODE
  **************************************************************************************/
 
+TEST_CASE("No OTA Storage configured", "[OTALogic-01]")
+{
+  /* Perform test */
+  OTALogic ota_logic;
+
+  WHEN("OTALogic::update() is called")
+  {
+    ota_logic.update();
+    THEN("The OTA logic should be in the 'Error' state")
+    {
+      REQUIRE(ota_logic.state()  == OTAState::Error);
+    }
+    THEN("The OTA error should be set to OTAError::NoOTAStorageConfigured")
+    {
+      REQUIRE(ota_logic.error() == OTAError::NoOTAStorageConfigured);
+    }
+  }
+}
+
+/**************************************************************************************/
+
 TEST_CASE("OTAStorage initialisation fails", "[OTAStorage::init() -> returns false]")
 {
   Mock<OTAStorage> ota_storage;
diff --git a/src/utility/ota/OTALogic.cpp b/src/utility/ota/OTALogic.cpp
@@ -42,7 +42,8 @@
  ******************************************************************************/
 
 OTALogic::OTALogic()
-: _ota_storage{nullptr}
+: _is_configured{false}
+, _ota_storage{nullptr}
 , _ota_state{OTAState::Init}
 , _ota_error{OTAError::None}
 {
@@ -54,8 +55,24 @@ OTALogic::OTALogic()
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
+void OTALogic::setOTAStorage(OTAStorage & ota_storage)
+{
+  _ota_storage = &ota_storage;
+  _is_configured = true;
+}
+
 OTAError OTALogic::update()
 {
+  /* This if clause should never happen. None the less we
+   * should insure ourselves against this scenario because
+   * otherwise we'll have a nullptr dereferencing.
+   */
+  if (!_is_configured) {
+    _ota_state = OTAState::Error;
+    _ota_error = OTAError::NoOTAStorageConfigured;
+    return _ota_error;
+  }
+
   OTAState prev_ota_state;
   /* The purpose of this loop is to allow the transition of
    * more than one state per a singular call of 'update'. If
diff --git a/src/utility/ota/OTALogic.h b/src/utility/ota/OTALogic.h
@@ -56,7 +56,8 @@ enum class OTAError : int
   StorageWriteFailed     = 3,
   ChecksumMismatch       = 4,
   ReceivedDataOverrun    = 5,
-  RenameOfTempFileFailed = 6
+  RenameOfTempFileFailed = 6,
+  NoOTAStorageConfigured = 7
 };
 
 /******************************************************************************
@@ -71,7 +72,7 @@ class OTALogic
   OTALogic();
 
 
-  inline void setOTAStorage(OTAStorage & ota_storage) { _ota_storage = &ota_storage; }
+  void setOTAStorage(OTAStorage & ota_storage);
 
 
   OTAError update();
@@ -99,6 +100,7 @@ class OTALogic
     crc_t    crc32;
   } sOTABinaryData;
 
+  bool _is_configured;
   OTAStorage * _ota_storage;
   OTAState _ota_state;
   OTAError _ota_error;
