From: "Fabio M. De Francesco"
To: Larry Finger, Phillip Potter, Greg Kroah-Hartman, Michael Straube, Vihas Makwana
Cc: linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, Dan Carpenter, Pavel Skripkin, Vihas Makwana
Subject: Re: [PATCH] staging: r8188eu: fix a potential NULL pointer dereference
Date: Sun, 24 Apr 2022 01:47:35 +0200

On Saturday 23 April 2022 20:47:48 CEST Vihas Makwana wrote:
> recvframe_chk_defrag() performs a NULL check on psta, but if that check
> fails then it dereferences it, which it shouldn't do as psta is NULL.
>
> Set pdefrag_q to NULL if above check fails and let the code after it handle
> that case.
>
> Fixes: 1cc18a22b96b ("staging: r8188eu: Add files for new driver - part 5")
> Signed-off-by: Vihas Makwana
> ---
> drivers/staging/r8188eu/core/rtw_recv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/ r8188eu/core/rtw_recv.c > index c1005ddaa..db54bceff 100644 > --- a/drivers/staging/r8188eu/core/rtw_recv.c > +++ b/drivers/staging/r8188eu/core/rtw_recv.c
> @@ -1244,7 +1244,7 @@ struct recv_frame *recvframe_chk_defrag(struct adapter *padapter, struct recv_fr > pdefrag_q = NULL; > } > } else { > - pdefrag_q = &psta->sta_recvpriv.defrag_q; > + pdefrag_q = NULL; Hi Vihas, To me the code looks like this... struct sta_info *psta; ... psta = rtw_get_stainfo(pstapriv, psta_addr); /* The code is about to test if "psta" is a valid pointer */ if (!psta) { /* "psta" is NULL */ ... } else { /* "psta" is not NULL */ ... > } > Also, even if "psta" were NULL (but it isn't), your change would still be no good. Please be very careful with these types of changes next time :) Thanks, Fabio M. De Francesco > if ((ismfrag == 0) && (fragnum == 0)) > -- > 2.30.2 >
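
Review bot: The added `pdefrag_q = NULL;` in the `else` arm assigns the same value as the `pdefrag_q = NULL;` context line two lines above it, so within this hunk no remaining path takes the queue from `psta->sta_recvpriv.defrag_q`. The hunk does not show the condition that this `else` pairs with, and the commit message does not quote it either, so the claim that `psta` is NULL at this point cannot be checked from the patch alone; the reply reads the condition as `if (!psta)`, which would make the `else` arm the one place where `psta` is valid. Suggest quoting the guarding `if` in the commit message and showing a concrete path on which `psta` is NULL at the removed line. If no such path exists, the removed assignment should stay. If one does exist, the message should also say what the code after the block does when `pdefrag_q` is NULL for every frame, since the message relies on that code to handle the case.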