2022-04-25 07:52:40

by Vihas Makwana

[permalink] [raw]
Subject: [PATCH 0/3] staging: r8188eu: fix some null checks

There are some NULL checks which doesn't make sense.
So either we should remove them or fix them appropriately.
This patchset fixes them.
Tested on Comfast CF-WU810N RTL8188EUS wireless adapter.

Vihas Makwana (3):
staging: r8188eu: fix null check in rtw_free_recvframe
staging: r8188eu: fix null check in _rtw_enqueue_recvframe
staging: r8188eu: fix null check in _rtw_free_mlme_priv

drivers/staging/r8188eu/core/rtw_mlme.c | 8 +++-----
drivers/staging/r8188eu/core/rtw_recv.c | 5 +++--
2 files changed, 6 insertions(+), 7 deletions(-)

--
2.30.2


2022-04-25 08:26:09

by Vihas Makwana

[permalink] [raw]
Subject: [PATCH 1/3] staging: r8188eu: fix null check in rtw_free_recvframe

There's a NULL check on padapter in rtw_recv.c:170 which makes no sense as
rtw_recv.c:152 dereferences it unconditionally and it would have already
crashed at this point.
Fix this by moving the dereference line inside the check.

Signed-off-by: Vihas Makwana <[email protected]>
---
drivers/staging/r8188eu/core/rtw_recv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
index c1005ddaa..4cf9b4b8f 100644
--- a/drivers/staging/r8188eu/core/rtw_recv.c
+++ b/drivers/staging/r8188eu/core/rtw_recv.c
@@ -154,7 +154,6 @@ int rtw_free_recvframe(struct recv_frame *precvframe, struct __queue *pfree_recv
if (!precvframe)
return _FAIL;
padapter = precvframe->adapter;
- precvpriv = &padapter->recvpriv;
if (precvframe->pkt) {
dev_kfree_skb_any(precvframe->pkt);/* free skb by driver */
precvframe->pkt = NULL;
@@ -169,6 +168,7 @@ int rtw_free_recvframe(struct recv_frame *precvframe, struct __queue *pfree_recv
list_add_tail(&precvframe->list, get_list_head(pfree_recv_queue));

if (padapter) {
+ precvpriv = &padapter->recvpriv;
if (pfree_recv_queue == &precvpriv->free_recv_queue)
precvpriv->free_recvframe_cnt++;
}
--
2.30.2

2022-04-25 09:41:05

by Vihas Makwana

[permalink] [raw]
Subject: [PATCH 3/3] staging: r8188eu: fix null check in _rtw_free_mlme_priv

There's a NULL check on pmlmepriv in rtw_mlme.c:112 which makes no sense
as rtw_free_mlme_priv_ie_data() dereferences it unconditionally and it
would have already crashed at this point.
Fix this by moving rtw_free_mlme_priv_ie_data() inside the check.

Signed-off-by: Vihas Makwana <[email protected]>
---
drivers/staging/r8188eu/core/rtw_mlme.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/r8188eu/core/rtw_mlme.c b/drivers/staging/r8188eu/core/rtw_mlme.c
index 081c02417..87c754462 100644
--- a/drivers/staging/r8188eu/core/rtw_mlme.c
+++ b/drivers/staging/r8188eu/core/rtw_mlme.c
@@ -109,12 +109,10 @@ void rtw_free_mlme_priv_ie_data(struct mlme_priv *pmlmepriv)

void _rtw_free_mlme_priv(struct mlme_priv *pmlmepriv)
{
-
- rtw_free_mlme_priv_ie_data(pmlmepriv);
-
- if (pmlmepriv)
+ if (pmlmepriv) {
+ rtw_free_mlme_priv_ie_data(pmlmepriv);
vfree(pmlmepriv->free_bss_buf);
-
+ }
}

struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv)/* _queue *free_queue) */
--
2.30.2