2019-03-20 17:04:23

by Aditya Pakki

Subject: [PATCH v3] staging: rtlwifi: rtl8822b: fix to avoid NULL pointer dereference

skb allocated via dev_alloc_skb can fail and return a NULL pointer.
This patch avoids such a scenario and returns, consistent with other
invocations.

Signed-off-by: Aditya Pakki <[email protected]>

---
v2: Move signed off above the version change log
v1: Patch collision with rtl_phydm.c, fix as per Greg
---
drivers/staging/rtlwifi/rtl8822be/fw.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/staging/rtlwifi/rtl8822be/fw.c b/drivers/staging/rtlwifi/rtl8822be/fw.c
index f061dd1382aa..cf6b7a80b753 100644
--- a/drivers/staging/rtlwifi/rtl8822be/fw.c
+++ b/drivers/staging/rtlwifi/rtl8822be/fw.c
@@ -743,6 +743,8 @@ void rtl8822be_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
u1_rsvd_page_loc, 3);

skb = dev_alloc_skb(totalpacketlen);
+ if (!skb)
+ return;
memcpy((u8 *)skb_put(skb, totalpacketlen), &reserved_page_packet,
totalpacketlen);
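Review bot: the early `return` under `if (!skb)` runs after the call ending in `u1_rsvd_page_loc, 3);` has already completed, so on allocation failure that earlier step stays in effect while the reserved page packet is never built. Please say in the commit message why it is safe to leave things in that state, or, if `totalpacketlen` is already known by then, do the allocation before that call so the function bails out before it has done anything.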

--
2.17.1



2019-03-20 20:30:06

by Mukesh Ojha

Subject: Re: [PATCH v3] staging: rtlwifi: rtl8822b: fix to avoid NULL pointer dereference


On 3/20/2019 10:32 PM, Aditya Pakki wrote:
> skb allocated via dev_alloc_skb can fail and return a NULL pointer.
> This patch avoids such a scenario and returns, consistent with other
> invocations.
>
> Signed-off-by: Aditya Pakki <[email protected]>
>
> ---
> v2: Move signed off above the version change log
> v1: Patch collision with rtl_phydm.c, fix as per Greg
> ---
> drivers/staging/rtlwifi/rtl8822be/fw.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/staging/rtlwifi/rtl8822be/fw.c b/drivers/staging/rtlwifi/rtl8822be/fw.c
> index f061dd1382aa..cf6b7a80b753 100644
> --- a/drivers/staging/rtlwifi/rtl8822be/fw.c
> +++ b/drivers/staging/rtlwifi/rtl8822be/fw.c
> @@ -743,6 +743,8 @@ void rtl8822be_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool b_dl_finished)
> u1_rsvd_page_loc, 3);
>
> skb = dev_alloc_skb(totalpacketlen);
> + if (!skb)
> + return;
> memcpy((u8 *)skb_put(skb, totalpacketlen), &reserved_page_packet,
> totalpacketlen);
>
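Review bot: `rtl8822be_set_fw_rsvdpagepkt()` returns void, so the new `if (!skb) return;` path drops the failure silently and the caller cannot tell that the reserved page packet was never set up. The NULL check itself is needed, since `skb_put(skb, totalpacketlen)` would otherwise operate on a NULL skb, but a follow-up that lets the function report the failure (for example an int return value) would let callers react to it.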


Reviewed-by: Mukesh Ojha <[email protected]>