From 87e1cabfca2ca77f01a33e9086fbddb0fe45ddbd Mon Sep 17 00:00:00 2001 From: "Zane (RainCicada)" Date: Thu, 21 May 2026 21:40:04 -0500 Subject: [PATCH] sdrsrv: fix null-deref in MainServer::addMIMODevice() addMIMODevice() never assigned m_deviceSets.back()->m_deviceAPI before dereferencing it via setSampleMIMO(), causing the very first POST /sdrangel/deviceset?direction=2 against a fresh headless server to SIGSEGV in DeviceAPI::setSampleMIMO()'s vtable lookup. DeviceSet's constructor initializes m_deviceAPI to nullptr (sdrbase/device/deviceset.cpp:38), and the sibling helpers addSinkDevice() (line 283) and addSourceDevice() (line 323) both assign the new DeviceAPI* into m_deviceSets.back()->m_deviceAPI before any later dereference. addMIMODevice() omits this assignment, so the line that today reads: m_mainCore->m_deviceSets.back()->m_deviceAPI->setSampleMIMO(mimo); dereferences nullptr. Fix by performing the same assignment as the Sink/Source paths, just before the createSampleMIMOPluginInstance() call. Verified against v7.25.1 in a custom headless build (cicada-sdrangelsrv:7.25.1-mimo) with a LimeSDR-USB: - Pre-patch: POST /sdrangel/deviceset?direction=2 -> HTTP 202, then immediate SIGSEGV (backtrace top frame DeviceAPI::setSampleMIMO -> MainServer::addMIMODevice). - Post-patch: POST -> HTTP 202, container healthy, follow-up PUT /sdrangel/deviceset/0/device with hwType=LimeSDR direction=2 -> HTTP 202, deviceset reports the LimeSDR correctly bound as a MIMO device. --- sdrsrv/mainserver.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sdrsrv/mainserver.cpp b/sdrsrv/mainserver.cpp index da7723ce4..ffebf660c 100644 --- a/sdrsrv/mainserver.cpp +++ b/sdrsrv/mainserver.cpp 
@@ -377,6 +377,8 @@ void MainServer::addMIMODevice() deviceAPI->setHardwareUserArguments(userArgs); } + m_mainCore->m_deviceSets.back()->m_deviceAPI = deviceAPI; + DeviceSampleMIMO *mimo = deviceAPI->getPluginInterface()->createSampleMIMOPluginInstance( deviceAPI->getSamplingDeviceId(), deviceAPI); m_mainCore->m_deviceSets.back()->m_deviceAPI->setSampleMIMO(mimo);
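Review bot: The last line of the hunk, `m_mainCore->m_deviceSets.back()->m_deviceAPI->setSampleMIMO(mimo);`, still reaches the object through the device set even though the local `deviceAPI` points at the same instance. With the new assignment in place, consider writing it as `deviceAPI->setSampleMIMO(mimo);`, so the call no longer depends on the assignment having been made earlier in the function, which is the ordering dependency that caused this crash. Separately, the chained call `deviceAPI->getPluginInterface()->createSampleMIMOPluginInstance(...)` dereferences the result of `getPluginInterface()` with no check visible in this hunk, and `mimo` is handed to `setSampleMIMO()` unchecked. Since the commit message shows this path is reachable from a single REST request (`POST /sdrangel/deviceset?direction=2`), it is worth confirming that both are guaranteed non-null here, or adding a guard that fails the request instead of crashing the server. A one-line comment above the new assignment noting that it mirrors `addSinkDevice()` and `addSourceDevice()` would help keep the three helpers in step.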