| Message ID | 20250322230137.28164-1-qasdev00@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links | expand |
… > or link_sta_dereference_protected() fail the code jumps to > the error_unlink label and returns ret which is uninitialised. … * Would you like to avoid typos in such a change description? * Can any background information become more relevant for the usage of source code analysis tools? * Can the summary phrase be improved also another bit? … > +++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c > @@ -998,16 +998,22 @@ mt7996_mac_sta_add_links(struct mt7996_dev *dev, struct ieee80211_vif *vif, > continue; > > link_conf = link_conf_dereference_protected(vif, link_id); > - if (!link_conf) > + if (!link_conf) { > + err = -EINVAL; > goto error_unlink; > + } > > link = mt7996_vif_link(dev, vif, link_id); > - if (!link) > + if (!link) { > + err = -EINVAL; > goto error_unlink; > + } … Can software development interests evolve in ways which might make the avoidance of duplicate source code more feasible also for affected error/exception handling? Regards, Markus
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c index 91c64e3a0860..70823bbb165c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c @@ -998,16 +998,22 @@ mt7996_mac_sta_add_links(struct mt7996_dev *dev, struct ieee80211_vif *vif, continue; link_conf = link_conf_dereference_protected(vif, link_id); - if (!link_conf) + if (!link_conf) { + err = -EINVAL; goto error_unlink; + } link = mt7996_vif_link(dev, vif, link_id); - if (!link) + if (!link) { + err = -EINVAL; goto error_unlink; + } link_sta = link_sta_dereference_protected(sta, link_id); - if (!link_sta) + if (!link_sta) { + err = -EINVAL; goto error_unlink; + } err = mt7996_mac_sta_init_link(dev, link_conf, link_sta, link, link_id);
If link_conf_dereference_protected() or mt7996_vif_link() or link_sta_dereference_protected() fail the code jumps to the error_unlink label and returns ret which is uninitialised. Fix this by setting err before jumping to error_unlink. Fixes: c7e4fc362443 ("wifi: mt76: mt7996: Update mt7996_mcu_add_sta to MLO support") Fixes: dd82a9e02c05 ("wifi: mt76: mt7996: Rely on mt7996_sta_link in sta_add/sta_remove callbacks") Signed-off-by: Qasim Ijaz <qasdev00@gmail.com> --- v2: - Added missing semi-colon as pointed out by Jonas Gorski drivers/net/wireless/mediatek/mt76/mt7996/main.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)