| Message ID | 20180328174027.31551-1-colin.king@canonical.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | db5a4d5e1073be452645d7021eeaf807d70325a2 |
| Delegated to: | Kalle Valo |
| Headers | show |
On 2018-03-28 20:40, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The pointer ndev is being dereferenced before it is being null checked, > hence there is a potential null pointer deference. Fix this by only > dereferencing ndev after it has been null checked > > Detected by CoverityScan, CID#1467010 ("Dereference before null check") > > Fixes: e00243fab84b ("wil6210: infrastructure for multiple virtual > interfaces") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > drivers/net/wireless/ath/wil6210/main.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/ath/wil6210/main.c > b/drivers/net/wireless/ath/wil6210/main.c > index a4b413e8d55a..82aec6b06d09 100644 > --- a/drivers/net/wireless/ath/wil6210/main.c > +++ b/drivers/net/wireless/ath/wil6210/main.c > @@ -391,7 +391,7 @@ static void wil_fw_error_worker(struct work_struct > *work) > struct wil6210_priv *wil = container_of(work, struct wil6210_priv, > fw_error_worker); > struct net_device *ndev = wil->main_ndev; > - struct wireless_dev *wdev = ndev->ieee80211_ptr; > + struct wireless_dev *wdev; > > wil_dbg_misc(wil, "fw error worker\n"); > > @@ -399,6 +399,7 @@ static void wil_fw_error_worker(struct work_struct > *work) > wil_info(wil, "No recovery - interface is down\n"); > return; > } > + wdev = ndev->ieee80211_ptr; > > /* increment @recovery_count if less then WIL6210_FW_RECOVERY_TO > * passed since last recovery attempt Reviewed-by: Maya Erez <merez@codeaurora.org>
merez@codeaurora.org writes: > On 2018-03-28 20:40, Colin King wrote: >> From: Colin Ian King <colin.king@canonical.com> >> >> The pointer ndev is being dereferenced before it is being null checked, >> hence there is a potential null pointer deference. Fix this by only >> dereferencing ndev after it has been null checked >> >> Detected by CoverityScan, CID#1467010 ("Dereference before null check") >> >> Fixes: e00243fab84b ("wil6210: infrastructure for multiple virtual >> interfaces") >> Signed-off-by: Colin Ian King <colin.king@canonical.com> [...] > Reviewed-by: Maya Erez <merez@codeaurora.org> Maya, as you are the wil6210 maintainer you can actually use Acked-by instead of Reviewed-by. Not that it really matters which one you use, both of them indicate me that you have checked and agree the patch, but wanted to point out this anyway :)
Colin Ian King <colin.king@canonical.com> wrote: > The pointer ndev is being dereferenced before it is being null checked, > hence there is a potential null pointer deference. Fix this by only > dereferencing ndev after it has been null checked > > Detected by CoverityScan, CID#1467010 ("Dereference before null check") > > Fixes: e00243fab84b ("wil6210: infrastructure for multiple virtual interfaces") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > Reviewed-by: Maya Erez <merez@codeaurora.org> > Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Patch applied to ath-next branch of ath.git, thanks. db5a4d5e1073 wil6210: fix potential null dereference of ndev before null check
diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c index a4b413e8d55a..82aec6b06d09 100644 --- a/drivers/net/wireless/ath/wil6210/main.c +++ b/drivers/net/wireless/ath/wil6210/main.c @@ -391,7 +391,7 @@ static void wil_fw_error_worker(struct work_struct *work) struct wil6210_priv *wil = container_of(work, struct wil6210_priv, fw_error_worker); struct net_device *ndev = wil->main_ndev; - struct wireless_dev *wdev = ndev->ieee80211_ptr; + struct wireless_dev *wdev; wil_dbg_misc(wil, "fw error worker\n"); @@ -399,6 +399,7 @@ static void wil_fw_error_worker(struct work_struct *work) wil_info(wil, "No recovery - interface is down\n"); return; } + wdev = ndev->ieee80211_ptr; /* increment @recovery_count if less then WIL6210_FW_RECOVERY_TO * passed since last recovery attempt