This fixes NULL pointer dereferences.
Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
---
This patch is against zd1211rw-mac80211. I'll now clone wireless-2.6 to get the upstream version. But I guess this patch does also apply cleanly to z1211, if the paths are changed.
Index: wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c
===================================================================
--- wireless-dev.orig/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-19 17:15:58.000000000 +0200
+++ wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-23 15:47:43.000000000 +0200
@@ -52,8 +52,15 @@ void zd_chip_clear(struct zd_chip *chip)
 static int scnprint_mac_oui(struct zd_chip *chip, char *buffer, size_t size)
 {
 u8 *addr = zd_chip_to_mac(chip)->hwaddr;
+ u8 a = 0, b = 0, c = 0;
+
+ if (addr) {
+ a = addr[0];
+ b = addr[1];
+ c = addr[2];
+ }
 return scnprintf(buffer, size, "%02x-%02x-%02x",
- addr[0], addr[1], addr[2]);
+ a, b, c);
 }
 
 /* Prints an identifier line, which will support debugging. */
@@ -378,15 +385,16 @@ int zd_write_mac_addr(struct zd_chip *ch
 [1] = { .addr = CR_MAC_ADDR_P2 },
 };
 
- reqs[0].value = (mac_addr[3] << 24)
- | (mac_addr[2] << 16)
- | (mac_addr[1] << 8)
- | mac_addr[0];
- reqs[1].value = (mac_addr[5] << 8)
- | mac_addr[4];
-
- dev_dbg_f(zd_chip_dev(chip),
- "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ if (mac_addr) {
+ reqs[0].value = (mac_addr[3] << 24)
+ | (mac_addr[2] << 16)
+ | (mac_addr[1] << 8)
+ | mac_addr[0];
+ reqs[1].value = (mac_addr[5] << 8)
+ | mac_addr[4];
+ dev_dbg_f(zd_chip_dev(chip),
+ "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ }
 
 mutex_lock(&chip->mutex);
 r = zd_iowrite32a_locked(chip, reqs, ARRAY_SIZE(reqs));
-
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
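Review bot: The NULL fallback in scnprint_mac_oui prints `00-00-00`, which a reader of the identifier line cannot tell apart from an address whose first three bytes really are zero. Nothing in the function says why hwaddr can be NULL at this point. A comment above the guard would record that, for example `/* hwaddr may not be set yet; print a zero OUI rather than dereference NULL */`, adjusted to whatever the real precondition is. If the debug line is meant to be trusted during bring-up, a distinct placeholder string for the unset case would be clearer than zeros.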
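Review bot: When mac_addr is NULL, zd_write_mac_addr skips filling reqs[] but still reaches zd_iowrite32a_locked, so whatever the initialiser left in `.value` is written to the two MAC address registers (reqs[0] and CR_MAC_ADDR_P2). That value is presumably zero, since the visible initialiser line sets only `.addr`, which would make a NULL argument silently clear the hardware address. If that is the intended meaning, state it above the guard, e.g. `/* NULL mac_addr: values stay zero, which clears the address registers */`; otherwise return an error before taking the mutex. The function starts and ends outside the hunk, so the reqs declaration and the return path are not visible here.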