Check for scan channel gap only when user_scan_in is not NULL.
user_scan_in is NULL for internal scans and if we check scan channel gap
at this place, it may result into crash.
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Avinash Patil <[email protected]>
Signed-off-by: Cathy Luo <[email protected]>
---
drivers/net/wireless/mwifiex/scan.c | 33 +++++++++++++++++----------------
1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index 67f9cdb..a868552 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -926,6 +926,23 @@ mwifiex_config_scan(struct mwifiex_private *priv,
if ((i && ssid_filter) ||
!is_zero_ether_addr(scan_cfg_out->specific_bssid))
*filtered_scan = true;
+
+ if (user_scan_in->scan_chan_gap) {
+ dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
+ user_scan_in->scan_chan_gap);
+ *max_chan_per_scan =
+ MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
+
+ chan_gap_tlv = (void *)tlv_pos;
+ chan_gap_tlv->header.type =
+ cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
+ chan_gap_tlv->header.len =
+ cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
+ chan_gap_tlv->chan_gap =
+ cpu_to_le16((user_scan_in->scan_chan_gap));
+ tlv_pos +=
+ sizeof(struct mwifiex_ie_types_scan_chan_gap);
+ }
} else {
scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
num_probes = adapter->scan_probes;
@@ -940,22 +957,6 @@ mwifiex_config_scan(struct mwifiex_private *priv,
else
*max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
- if (user_scan_in->scan_chan_gap) {
- *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
- dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
- user_scan_in->scan_chan_gap);
-
- chan_gap_tlv = (void *)tlv_pos;
- chan_gap_tlv->header.type =
- cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
- chan_gap_tlv->header.len =
- cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
- chan_gap_tlv->chan_gap =
- cpu_to_le16((user_scan_in->scan_chan_gap));
-
- tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap);
- }
-
/* If the input config or adapter has the number of Probes set,
add tlv */
if (num_probes) {
--
1.8.1.4