wifi-scripts: ucode: fix null dereference for 6GHz-only radios

he_phy_cap and he_mac_cap in phy_capabilities are only populated inside
the iftype_data loop. On 6GHz-only radios (e.g. QCN9074/ath11k_pci),
when capability bytes are unavailable they remain null, causing null
dereferences in device_htmode_append():

  Reference error: left-hand side expression is null
  if (!(he_phy_cap[3] & 0x80))

Initialise both to [] before the loop and guard the consumer side with
?? [] so bitwise checks conservatively disable beamformer/beamformee/twt
features rather than crashing.

Link: https://github.com/openwrt/openwrt/issues/23488
Signed-off-by: dastarothx <darkastalier@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23496
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
index 8c96874f427016a8e4ac8d53beca6de4c2c6fa39..e23ea7f809801af4e81dda62d108c87fd297a0dd 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
@@ -470,6 +470,8 @@ function device_capabilities(config) {
 
        phy_capabilities.ht_capa = band.ht_capa ?? 0;
        phy_capabilities.vht_capa = band.vht_capa ?? 0;
+       phy_capabilities.he_mac_cap = [];
+       phy_capabilities.he_phy_cap = [];
        for (let iftype in band.iftype_data) {
                if (!iftype.iftypes.ap)
                        continue;