On 03/02/2019 11:31, Dan Carpenter wrote: > On Sat, Feb 02, 2019 at 10:56:27PM +0000, Colin King wrote: >> From: Colin Ian King <colin.king@xxxxxxxxxxxxx> >> >> There is an earlier null check on pointer dev which implies it may be null, >> however the assignment of pointer priv and the call to free_ieee80211 on >> a null dev can cause null pointer dereference errors. Fix this by moving >> the assignment of priv and the call to free_ieee80211 into the block of >> code that performs the null dev sanity check. >> >> Detected by CoverityScan, CID#143078 ("Dereference after null check") >> >> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging") >> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> >> --- >> drivers/staging/rtl8192u/r8192U_core.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c >> index 0ac0bbf7d923..4741a29326ea 100644 >> --- a/drivers/staging/rtl8192u/r8192U_core.c >> +++ b/drivers/staging/rtl8192u/r8192U_core.c >> @@ -4955,9 +4955,10 @@ static void rtl8192_cancel_deferred_work(struct r8192_priv *priv) >> static void rtl8192_usb_disconnect(struct usb_interface *intf) >> { >> struct net_device *dev = usb_get_intfdata(intf); >> - struct r8192_priv *priv = ieee80211_priv(dev); >> >> if (dev) { >> + struct r8192_priv *priv = ieee80211_priv(dev); > > "dev" can't actually be NULL. Look how we call usb_set_intfdata() in > probe(). It's better to remove the check instead. Yep, good point. I'll send a V2. > > regards, > dan carpenter >
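Review bot: The `if (dev)` guard that the moved `priv` declaration now sits under in `rtl8192_usb_disconnect()` is the part of this hunk that needs justifying. If `usb_get_intfdata(intf)` cannot return NULL on this path (the reply points at the `usb_set_intfdata()` call in probe()), the guard is dead code, and the cleaner fix is to delete it and leave `struct r8192_priv *priv = ieee80211_priv(dev);` at the top of the function, which also removes the "Dereference after null check" pattern Coverity reported. If the guard is kept, the changelog should state when disconnect can see a NULL `dev`, and its claim that the `free_ieee80211` call moves into the block should be checked against the full hunk, because the quoted diff stops after the first added line.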