mwifiex: Fix potential dereference of NULL pointer

Message ID	1652957839-127949-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive)
State	Changes Requested
Delegated to:	Kalle Valo
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Yongzhi Liu <lyz_cs@pku.edu.cn> To: amitkarwar@gmail.com, ganapathi017@gmail.com, sharvari.harisangam@nxp.com, huxinming820@gmail.com, kvalo@kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, arend.vanspriel@broadcom.com Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, fuyq@stu.pku.edu.cn, Yongzhi Liu <lyz_cs@pku.edu.cn> Subject: [PATCH] mwifiex: Fix potential dereference of NULL pointer Date: Thu, 19 May 2022 03:57:19 -0700 Message-Id: <1652957839-127949-1-git-send-email-lyz_cs@pku.edu.cn> Precedence: bulk
Series	mwifiex: Fix potential dereference of NULL pointer \| expand mwifiex: Fix potential dereference of NULL pointer

Message ID

1652957839-127949-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive)

State

Changes Requested

Delegated to:

Kalle Valo

Headers

From: Yongzhi Liu <lyz_cs@pku.edu.cn>
To: amitkarwar@gmail.com, ganapathi017@gmail.com,
        sharvari.harisangam@nxp.com, huxinming820@gmail.com,
        kvalo@kernel.org, davem@davemloft.net, edumazet@google.com,
        kuba@kernel.org, pabeni@redhat.com, arend.vanspriel@broadcom.com
Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, fuyq@stu.pku.edu.cn,
        Yongzhi Liu <lyz_cs@pku.edu.cn>
Subject: [PATCH] mwifiex:  Fix potential dereference of NULL pointer
Date: Thu, 19 May 2022 03:57:19 -0700
Message-Id: <1652957839-127949-1-git-send-email-lyz_cs@pku.edu.cn>
Precedence: bulk

Series

mwifiex: Fix potential dereference of NULL pointer | expand

Commit Message

刘永志 May 19, 2022, 10:57 a.m. UTC

If 'card' is not valid, then we need to check the
field 'adapter' and 'priv_num' to avoid use of NULL
pointer in function 'mwifiex_get_priv'. Fix this by
adding the null pointer check on them.

Fixes: 21c5c83ce ("mwifiex: support sysfs initiated device coredump")

Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>
---
 drivers/net/wireless/marvell/mwifiex/usb.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Kalle Valo May 19, 2022, 3:37 p.m. UTC | #1

Yongzhi Liu <lyz_cs@pku.edu.cn> writes:

> If 'card' is not valid, then we need to check the
> field 'adapter' and 'priv_num' to avoid use of NULL
> pointer in function 'mwifiex_get_priv'. Fix this by
> adding the null pointer check on them.

Why? We don't add null checks for every access, why does this function
need it?

How did you find this? Is this something you found with a static checker
tool or by testing with a real device?

> Fixes: 21c5c83ce ("mwifiex: support sysfs initiated device coredump")

Format is wrong, it should be:

Fixes: 21c5c83ce833 ("mwifiex: support sysfs initiated device coredump")

Jeff Johnson May 19, 2022, 3:52 p.m. UTC | #2

On 5/19/2022 8:37 AM, Kalle Valo wrote:
> Yongzhi Liu <lyz_cs@pku.edu.cn> writes:
> Format is wrong, it should be:
> 
> Fixes: 21c5c83ce833 ("mwifiex: support sysfs initiated device coredump")

And no blank line between the Fixes tag and the Signed-off-by tag

diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c
index 8f01fcb..c635206 100644
--- a/drivers/net/wireless/marvell/mwifiex/usb.c
+++ b/drivers/net/wireless/marvell/mwifiex/usb.c
@@ -686,6 +686,8 @@  static void mwifiex_usb_coredump(struct device *dev)
 {
 	struct usb_interface *intf = to_usb_interface(dev);
 	struct usb_card_rec *card = usb_get_intfdata(intf);
+	if (!card->adapter || !card->adapter->priv_num)
+		return;
 
 	mwifiex_fw_dump_event(mwifiex_get_priv(card->adapter,
 					       MWIFIEX_BSS_ROLE_ANY));

mwifiex: Fix potential dereference of NULL pointer

Commit Message

Comments

Patch