Re: [PATCH] staging: r8188eu: fix a potential NULL pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Apr 24, 2022 at 12:17:48AM +0530, Vihas Makwana wrote:
> recvframe_chk_defrag() performs a NULL check on psta, but if that check
> fails then it dereferences it, which it shouldn't do as psta is NULL.
> 
> Set pdefrag_q to NULL if above check fails and let the code after it handle
> that case.
> 
> Fixes: 1cc18a22b96b ("staging: r8188eu: Add files for new driver - part 5")
> Signed-off-by: Vihas Makwana <makvihas@xxxxxxxxx>
> ---
>  drivers/staging/r8188eu/core/rtw_recv.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
> index c1005ddaa..db54bceff 100644
> --- a/drivers/staging/r8188eu/core/rtw_recv.c
> +++ b/drivers/staging/r8188eu/core/rtw_recv.c
> @@ -1244,7 +1244,7 @@ struct recv_frame *recvframe_chk_defrag(struct adapter *padapter, struct recv_fr
>  			pdefrag_q = NULL;
>  		}
>  	} else {
> -		pdefrag_q = &psta->sta_recvpriv.defrag_q;
> +		pdefrag_q = NULL;

What?  "psta" is valid pointer on the else path.

(Also this isn't really a dereference, this is just pointer math.  It's
taking the address.  The Oops would happen later if psta were NULL.)

regards,
dan carpenter





[Index of Archives]     [Linux Driver Development]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux