Re: [PATCH 2/3] staging: r8188eu: fix null check in _rtw_enqueue_recvframe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Vihas,

On 4/24/22 19:31, Vihas Makwana wrote:
There's a NULL check on padapter in rtw_recv.c:189 which makes no sense as
rtw_recv.c:184 dereferences it unconditionally and it would have already
crashed at this point.
Fix this by moving the dereference line inside the check.

Signed-off-by: Vihas Makwana <makvihas@xxxxxxxxx>
---
  drivers/staging/r8188eu/core/rtw_recv.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
index 4cf9b4b8f..7d306a3c6 100644
--- a/drivers/staging/r8188eu/core/rtw_recv.c
+++ b/drivers/staging/r8188eu/core/rtw_recv.c
@@ -181,12 +181,13 @@ int rtw_free_recvframe(struct recv_frame *precvframe, struct __queue *pfree_recv
  int _rtw_enqueue_recvframe(struct recv_frame *precvframe, struct __queue *queue)
  {
  	struct adapter *padapter = precvframe->adapter;
-	struct recv_priv *precvpriv = &padapter->recvpriv;
+	struct recv_priv *precvpriv;

Actually, `&padapter->recvpriv` is not a de-reference, it's just address calculation, so in case of padapder being NULL precvpriv will contain offsetof(struct adapter, recvpriv).

list_del_init(&precvframe->list);
  	list_add_tail(&precvframe->list, get_list_head(queue));
if (padapter) {
+		precvpriv = &padapter->recvpriv;
  		if (queue == &precvpriv->free_recv_queue)
  			precvpriv->free_recvframe_cnt++;
  	}




With regards,
Pavel Skripkin




[Index of Archives]     [Linux Driver Development]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux