The id pointer can be NULL in rsi_probe(). It is checked everywhere except
for the else branch in the idProduct condition. The patch adds NULL check
before the id dereference in the rsi_dbg() call.
Fixes: 54fdb318c111 ("rsi: add new device model for 9116")
Cc: Amitkumar Karwar <[email protected]>
Cc: Siva Rebbagondla <[email protected]>
Cc: Kalle Valo <[email protected]>
Signed-off-by: Denis Efremov <[email protected]>
---
drivers/net/wireless/rsi/rsi_91x_usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c
index 760eaffeebd6..23a1d00b5f38 100644
--- a/drivers/net/wireless/rsi/rsi_91x_usb.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
@@ -793,7 +793,7 @@ static int rsi_probe(struct usb_interface *pfunction,
adapter->device_model = RSI_DEV_9116;
} else {
rsi_dbg(ERR_ZONE, "%s: Unsupported RSI device id 0x%x\n",
- __func__, id->idProduct);
+ __func__, id ? id->idProduct : 0x0);
goto err1;
}
--
2.21.0
Denis Efremov <[email protected]> wrote:
> The id pointer can be NULL in rsi_probe(). It is checked everywhere except
> for the else branch in the idProduct condition. The patch adds NULL check
> before the id dereference in the rsi_dbg() call.
>
> Fixes: 54fdb318c111 ("rsi: add new device model for 9116")
> Cc: Amitkumar Karwar <[email protected]>
> Cc: Siva Rebbagondla <[email protected]>
> Cc: Kalle Valo <[email protected]>
> Signed-off-by: Denis Efremov <[email protected]>
Patch applied to wireless-drivers-next.git, thanks.
f170d44bc4ec rsi: fix potential null dereference in rsi_probe()
--
https://patchwork.kernel.org/patch/11171695/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
On Fri, Oct 04, 2019 at 01:47:36PM +0000, Kalle Valo wrote:
> Denis Efremov <[email protected]> wrote:
>
> > The id pointer can be NULL in rsi_probe().
While the existing code in rsi_probe() may lead you to believe that,
this statement is false.
> > It is checked everywhere except
> > for the else branch in the idProduct condition. The patch adds NULL check
> > before the id dereference in the rsi_dbg() call.
> >
> > Fixes: 54fdb318c111 ("rsi: add new device model for 9116")
> > Cc: Amitkumar Karwar <[email protected]>
> > Cc: Siva Rebbagondla <[email protected]>
> > Cc: Kalle Valo <[email protected]>
> > Signed-off-by: Denis Efremov <[email protected]>
>
> Patch applied to wireless-drivers-next.git, thanks.
>
> f170d44bc4ec rsi: fix potential null dereference in rsi_probe()
I just sent a revert to prevent the confusion from spreading (e.g. to
stable autosel and contributers looking for things to work on). Hope you
don't mind, Kalle.
Johan
Johan Hovold <[email protected]> writes:
> On Fri, Oct 04, 2019 at 01:47:36PM +0000, Kalle Valo wrote:
>> Denis Efremov <[email protected]> wrote:
>>
>> > The id pointer can be NULL in rsi_probe().
>
> While the existing code in rsi_probe() may lead you to believe that,
> this statement is false.
>
>> > It is checked everywhere except
>> > for the else branch in the idProduct condition. The patch adds NULL check
>> > before the id dereference in the rsi_dbg() call.
>> >
>> > Fixes: 54fdb318c111 ("rsi: add new device model for 9116")
>> > Cc: Amitkumar Karwar <[email protected]>
>> > Cc: Siva Rebbagondla <[email protected]>
>> > Cc: Kalle Valo <[email protected]>
>> > Signed-off-by: Denis Efremov <[email protected]>
>>
>> Patch applied to wireless-drivers-next.git, thanks.
>>
>> f170d44bc4ec rsi: fix potential null dereference in rsi_probe()
>
> I just sent a revert to prevent the confusion from spreading (e.g. to
> stable autosel and contributers looking for things to work on). Hope you
> don't mind, Kalle.
That's great, thanks Johan.
--
Kalle Valo