On Wed, Nov 23, 2022 at 04:23:45PM +0300, Ekaterina Esina wrote:
> Before dereferencing r->callback check it for NULL.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> Fixes: 61e121047645 ("staging: gdm7240: adding LTE USB driver")
> Signed-off-by: Ekaterina Esina <eesina@xxxxxxxxxxxxx>
> ---
> drivers/staging/gdm724x/gdm_usb.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> index 54bdb64f52e8..7cf89f4c95c4 100644
> --- a/drivers/staging/gdm724x/gdm_usb.c
> +++ b/drivers/staging/gdm724x/gdm_usb.c
> @@ -409,10 +409,12 @@ static void do_rx(struct work_struct *work)
> switch (cmd_evt) {
> case LTE_GET_INFORMATION_RESULT:
> if (set_mac_address(hci->data, r->cb_data) == 0) {
> - r->callback(r->cb_data,
> + if (r->callback) {
What makes you think r->callback can be NULL?
So far as I can see that's not possible. It is checked before it's
added to the list in gdm_usb_rcv_complete().
regards,
dan carpenter
