Prevent OOB POWER_VALUES array access if array doesn't have enough values

CapnBry · CapnBry · commit d8b66daf37d2 · 2025-12-20T17:47:16.000-05:00
diff --git a/src/include/target/Unified_ESP32_TX.h b/src/include/target/Unified_ESP32_TX.h
@@ -46,6 +46,7 @@
 #define POWER_OUTPUT_VALUES hardware_i16_array(HARDWARE_power_values)
 #define POWER_OUTPUT_VALUES_COUNT hardware_int(HARDWARE_power_values_count)
 #define POWER_OUTPUT_VALUES2 hardware_i16_array(HARDWARE_power_values2)
+#define POWER_OUTPUT_VALUES2_COUNT POWER_OUTPUT_VALUES_COUNT
 #define POWER_OUTPUT_VALUES_DUAL hardware_i16_array(HARDWARE_power_values_dual)
 #define POWER_OUTPUT_VALUES_DUAL_COUNT hardware_int(HARDWARE_power_values_dual_count)
 
diff --git a/src/lib/POWERMGNT/POWERMGNT.cpp b/src/lib/POWERMGNT/POWERMGNT.cpp
@@ -78,8 +78,6 @@ PowerLevels_e PowerLevelContainer::CurrentPower = PWR_COUNT; // default "undefin
 PowerLevels_e POWERMGNT::FanEnableThreshold = PWR_250mW;
 int8_t POWERMGNT::CurrentSX1280Power = 0;
 
-static const int16_t *powerValues;
-static const int16_t *powerValuesDual;
 extern bool isUsingPrimaryFreqBand();
 
 static int8_t powerCaliValues[PWR_COUNT] = {0};
@@ -88,6 +86,11 @@ static int8_t powerCaliValues[PWR_COUNT] = {0};
 nvs_handle POWERMGNT::handle = 0;
 #endif
 
+// Get the POWER_VALUE_X to send to DAC/RF chip of the speficied index into the array
+// If the index is higher than the array has values, return the LOWEST power value
+// Maybe the user will realize they can't just set MaxPower to 2000mW and get more power
+#define SAFE_GET_POWER_VALUE(values, idx) (((idx) < (values##_COUNT)) ? (values)[idx] : (values)[0])
+
 PowerLevels_e POWERMGNT::incPower()
 {
     if (CurrentPower < getMaxPower())
@@ -109,7 +112,7 @@ PowerLevels_e POWERMGNT::decPower()
 void POWERMGNT::incSX1280Output()
 {
     // Power adjustment is capped to within +-3dB of the target power level to prevent power run-away
-    if (CurrentSX1280Power < 13 && CurrentSX1280Power < powerValues[CurrentPower] + 3)
+    if (CurrentSX1280Power < 13 && CurrentSX1280Power < SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, CurrentPower) + 3)
     {
         CurrentSX1280Power++;
         Radio.SetOutputPower(CurrentSX1280Power);
@@ -119,7 +122,7 @@ void POWERMGNT::incSX1280Output()
 void POWERMGNT::decSX1280Output()
 {
     // Power adjustment is capped to within +-3dB of the target power level to prevent power run-away
-    if (CurrentSX1280Power > -18 && CurrentSX1280Power > powerValues[CurrentPower] - 3)
+    if (CurrentSX1280Power > -18 && CurrentSX1280Power > SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, CurrentPower) - 3)
     {
         CurrentSX1280Power--;
         Radio.SetOutputPower(CurrentSX1280Power);
@@ -214,11 +217,6 @@ void POWERMGNT::init()
 {
     PowerLevelContainer::CurrentPower = PWR_COUNT;
 
-    powerValues = POWER_OUTPUT_VALUES;
-    if (POWER_OUTPUT_VALUES_DUAL != nullptr)
-    {
-        powerValuesDual = POWER_OUTPUT_VALUES_DUAL;
-    }
     LoadCalibration();
     setDefaultPower();
 }
@@ -244,43 +242,41 @@ void POWERMGNT::setDefaultPower()
 void POWERMGNT::setPower(PowerLevels_e Power)
 {
     Power = constrain(Power, getMinPower(), getMaxPower());
-    PowerLevels_e PowerDual = Power;
-
     if (Power == CurrentPower)
         return;
-    
     CurrentPower = Power;
 
     // When using SubHGz with CE, limit to a max of 25mW.
     #if defined(Regulatory_Domain_EU_CE_2400) && defined(RADIO_LR1121)
     if (Power > PWR_25mW && isUsingPrimaryFreqBand())
     {
-        Power = (MinPower > PWR_25mW) ? MinPower : PWR_25mW;
+        Power = (MinPower > PWR_25mW) ? getMinPower() : PWR_25mW;
     }
     #endif
 
+    const uint8_t powerIdx = Power - getMinPower();
     if (POWER_OUTPUT_DACWRITE)
     {
         if (POWER_OUTPUT_VALUES2 != nullptr)
         {
-            Radio.SetOutputPower(POWER_OUTPUT_VALUES2[Power - MinPower]);
+            Radio.SetOutputPower(SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES2, powerIdx));
         }
         #if defined(PLATFORM_ESP32_S3) || defined(PLATFORM_ESP32_C3) || defined(PLATFORM_ESP8266)
         ERRLN("ESP32-S3/C3 and ESP8285 MCUs do not have a DAC");
         #else
-        dacWrite(GPIO_PIN_RFamp_APC2, powerValues[Power - MinPower]);
+        dacWrite(GPIO_PIN_RFamp_APC2, SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, powerIdx));
         #endif
     }
     else
     {
-        CurrentSX1280Power = powerValues[Power - MinPower] + powerCaliValues[Power];
+        CurrentSX1280Power = SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, powerIdx) + powerCaliValues[Power];
         Radio.SetOutputPower(CurrentSX1280Power);
     }
 
 #if defined(RADIO_LR1121)
     if (POWER_OUTPUT_VALUES_DUAL != nullptr)
     {
-        Radio.SetOutputPower(powerValuesDual[PowerDual - MinPower], false); // Set the high frequency power setting.
+        Radio.SetOutputPower(SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES_DUAL, powerIdx), false); // Set the high frequency power setting.
     }
 #endif
 

Original file line number	Diff line number	Diff line change
`@@ -78,8 +78,6 @@ PowerLevels_e PowerLevelContainer::CurrentPower = PWR_COUNT; // default "undefin`
`78`	`78`	`PowerLevels_e POWERMGNT::FanEnableThreshold = PWR_250mW;`
`79`	`79`	`int8_t POWERMGNT::CurrentSX1280Power = 0;`
`80`	`80`
`81`		`-static const int16_t *powerValues;`
`82`		`-static const int16_t *powerValuesDual;`
`83`	`81`	`extern bool isUsingPrimaryFreqBand();`
`84`	`82`
`85`	`83`	`static int8_t powerCaliValues[PWR_COUNT] = {0};`
`@@ -88,6 +86,11 @@ static int8_t powerCaliValues[PWR_COUNT] = {0};`
`88`	`86`	`nvs_handle POWERMGNT::handle = 0;`
`89`	`87`	`#endif`
`90`	`88`
	`89`	`+// Get the POWER_VALUE_X to send to DAC/RF chip of the speficied index into the array`
	`90`	`+// If the index is higher than the array has values, return the LOWEST power value`
	`91`	`+// Maybe the user will realize they can't just set MaxPower to 2000mW and get more power`
	`92`	`+#define SAFE_GET_POWER_VALUE(values, idx) (((idx) < (values##_COUNT)) ? (values)[idx] : (values)[0])`
	`93`	`+`
`91`	`94`	`PowerLevels_e POWERMGNT::incPower()`
`92`	`95`	`{`
`93`	`96`	`if (CurrentPower < getMaxPower())`
`@@ -109,7 +112,7 @@ PowerLevels_e POWERMGNT::decPower()`
`109`	`112`	`void POWERMGNT::incSX1280Output()`
`110`	`113`	`{`
`111`	`114`	`// Power adjustment is capped to within +-3dB of the target power level to prevent power run-away`
`112`		`- if (CurrentSX1280Power < 13 && CurrentSX1280Power < powerValues[CurrentPower] + 3)`
	`115`	`+ if (CurrentSX1280Power < 13 && CurrentSX1280Power < SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, CurrentPower) + 3)`
`113`	`116`	`{`
`114`	`117`	`CurrentSX1280Power++;`
`115`	`118`	`Radio.SetOutputPower(CurrentSX1280Power);`
`@@ -119,7 +122,7 @@ void POWERMGNT::incSX1280Output()`
`119`	`122`	`void POWERMGNT::decSX1280Output()`
`120`	`123`	`{`
`121`	`124`	`// Power adjustment is capped to within +-3dB of the target power level to prevent power run-away`
`122`		`- if (CurrentSX1280Power > -18 && CurrentSX1280Power > powerValues[CurrentPower] - 3)`
	`125`	`+ if (CurrentSX1280Power > -18 && CurrentSX1280Power > SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, CurrentPower) - 3)`
`123`	`126`	`{`
`124`	`127`	`CurrentSX1280Power--;`
`125`	`128`	`Radio.SetOutputPower(CurrentSX1280Power);`
`@@ -214,11 +217,6 @@ void POWERMGNT::init()`
`214`	`217`	`{`
`215`	`218`	`PowerLevelContainer::CurrentPower = PWR_COUNT;`
`216`	`219`
`217`		`- powerValues = POWER_OUTPUT_VALUES;`
`218`		`- if (POWER_OUTPUT_VALUES_DUAL != nullptr)`
`219`		`- {`
`220`		`- powerValuesDual = POWER_OUTPUT_VALUES_DUAL;`
`221`		`- }`
`222`	`220`	`LoadCalibration();`
`223`	`221`	`setDefaultPower();`
`224`	`222`	`}`
`@@ -244,43 +242,41 @@ void POWERMGNT::setDefaultPower()`
`244`	`242`	`void POWERMGNT::setPower(PowerLevels_e Power)`
`245`	`243`	`{`
`246`	`244`	`Power = constrain(Power, getMinPower(), getMaxPower());`
`247`		`- PowerLevels_e PowerDual = Power;`
`248`		`-`
`249`	`245`	`if (Power == CurrentPower)`
`250`	`246`	`return;`
`251`		`-`
`252`	`247`	`CurrentPower = Power;`
`253`	`248`
`254`	`249`	`// When using SubHGz with CE, limit to a max of 25mW.`
`255`	`250`	`#if defined(Regulatory_Domain_EU_CE_2400) && defined(RADIO_LR1121)`
`256`	`251`	`if (Power > PWR_25mW && isUsingPrimaryFreqBand())`
`257`	`252`	`{`
`258`		`- Power = (MinPower > PWR_25mW) ? MinPower : PWR_25mW;`
	`253`	`+ Power = (MinPower > PWR_25mW) ? getMinPower() : PWR_25mW;`
`259`	`254`	`}`
`260`	`255`	`#endif`
`261`	`256`
	`257`	`+ const uint8_t powerIdx = Power - getMinPower();`
`262`	`258`	`if (POWER_OUTPUT_DACWRITE)`
`263`	`259`	`{`
`264`	`260`	`if (POWER_OUTPUT_VALUES2 != nullptr)`
`265`	`261`	`{`
`266`		`- Radio.SetOutputPower(POWER_OUTPUT_VALUES2[Power - MinPower]);`
	`262`	`+ Radio.SetOutputPower(SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES2, powerIdx));`
`267`	`263`	`}`
`268`	`264`	`#if defined(PLATFORM_ESP32_S3) \|\| defined(PLATFORM_ESP32_C3) \|\| defined(PLATFORM_ESP8266)`
`269`	`265`	`ERRLN("ESP32-S3/C3 and ESP8285 MCUs do not have a DAC");`
`270`	`266`	`#else`
`271`		`- dacWrite(GPIO_PIN_RFamp_APC2, powerValues[Power - MinPower]);`
	`267`	`+ dacWrite(GPIO_PIN_RFamp_APC2, SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, powerIdx));`
`272`	`268`	`#endif`
`273`	`269`	`}`
`274`	`270`	`else`
`275`	`271`	`{`
`276`		`- CurrentSX1280Power = powerValues[Power - MinPower] + powerCaliValues[Power];`
	`272`	`+ CurrentSX1280Power = SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES, powerIdx) + powerCaliValues[Power];`
`277`	`273`	`Radio.SetOutputPower(CurrentSX1280Power);`
`278`	`274`	`}`
`279`	`275`
`280`	`276`	`#if defined(RADIO_LR1121)`
`281`	`277`	`if (POWER_OUTPUT_VALUES_DUAL != nullptr)`
`282`	`278`	`{`
`283`		`- Radio.SetOutputPower(powerValuesDual[PowerDual - MinPower], false); // Set the high frequency power setting.`
	`279`	`+ Radio.SetOutputPower(SAFE_GET_POWER_VALUE(POWER_OUTPUT_VALUES_DUAL, powerIdx), false); // Set the high frequency power setting.`
`284`	`280`	`}`
`285`	`281`	`#endif`
`286`	`282`