I'm testing out my code checker (http://repo.or.cz/w/smatch.git/).
It complains about ipw_wx_set_scan() from
drivers/net/wireless/ipw2x00/ipw2200.c
Can the "if (req->scan_type == IW_SCAN_TYPE_PASSIVE) { " from line 9522
ever be false? If the conditions on lines 9516 and 9522 were both false
then 'work' would still be NULL. That causes a null dereference in
queue_delayed_work() on line 9534.

9515         if (wrqu->data.length == sizeof(struct iw_scan_req)) {
9516                 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
9517                         int len = min((int)req->essid_len,
9518                                       (int)sizeof(priv->direct_scan_ssid));
9519                         memcpy(priv->direct_scan_ssid, req->essid, len);
9520                         priv->direct_scan_ssid_len = len;
9521                         work = &priv->request_direct_scan;
9522                 } else if (req->scan_type == IW_SCAN_TYPE_PASSIVE) {
9523                         work = &priv->request_passive_scan;
9524                 }
9525         } else {
9526                 /* Normal active broadcast scan */
9527                 work = &priv->request_scan;
9528         }

regards,
dan carpenter
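
The branch structure quoted in the message above, reduced to a user-space model. This is an added example, not code from the original post or from the ipw2200 driver. The struct, the function names and the constant values are stand-ins, and the guarded variant is only one possible way to close the gap, not the driver's actual fix.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in values for this model; the real constants live in the kernel's wireless headers. */
enum { SCAN_THIS_ESSID = 0x2, SCAN_TYPE_ACTIVE = 0, SCAN_TYPE_PASSIVE = 1 };

struct work { const char *name; };   /* hypothetical stand-in for the driver's work items */

static struct work request_scan = { "request_scan" };
static struct work request_direct_scan = { "request_direct_scan" };
static struct work request_passive_scan = { "request_passive_scan" };

/* Same branch structure as lines 9515-9528 quoted in the message. */
struct work *select_work_as_posted(int len_matches, unsigned flags, int scan_type)
{
    struct work *work = NULL;

    if (len_matches) {
        if (flags & SCAN_THIS_ESSID)
            work = &request_direct_scan;
        else if (scan_type == SCAN_TYPE_PASSIVE)
            work = &request_passive_scan;
        /* no final else: work is still NULL on this path */
    } else {
        work = &request_scan;   /* normal active broadcast scan */
    }
    return work;
}

/* One possible guard (an assumption): fall back to the broadcast scan. */
struct work *select_work_guarded(int len_matches, unsigned flags, int scan_type)
{
    struct work *work = select_work_as_posted(len_matches, flags, scan_type);
    return work ? work : &request_scan;
}

int main(void)
{
    /* Constructed input: full-size request, ESSID flag clear, non-passive scan type. */
    struct work *w = select_work_as_posted(1, 0, SCAN_TYPE_ACTIVE);
    printf("as posted: %s\n", w ? w->name : "NULL (would reach the queueing call)");
    printf("guarded:   %s\n", select_work_guarded(1, 0, SCAN_TYPE_ACTIVE)->name);
    return 0;
}
```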