Dan Carpenter reported two problems found in changes that were merged
into kernel 4.12. One of them involves two variables that might not
be initialized. The second is a potential use after free error.
Signed-off-by: Larry Finger <[email protected]>
Ping-Ke Shih (2):
rtlwifi: fix static checker warning of uninitialized symbol.
rtlwifi: fix static checker warning of dereferencing freed memory
drivers/net/wireless/realtek/rtlwifi/base.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--
2.12.3
Larry Finger <[email protected]> wrote:
> From: Ping-Ke Shih <[email protected]>
>
> Patch 2635664e6e4a: ("rtlwifi: Add rx ampdu cfg for btcoexist.")
> leads to the following static checker warning:
>
> drivers/net/wireless/realtek/rtlwifi/base.c:1664 rtl_rx_ampdu_apply()
> error: uninitialized symbol 'reject_agg'.
>
> Reported-by: Dan Carpenter <[email protected]>
> Fixes: 2635664e6e4a: ("rtlwifi: Add rx ampdu cfg for btcoexist.")
> Cc: Stable <[email protected]> # v4.12+
> Signed-off-by: Ping-Ke Shih <[email protected]>
> Signed-off-by: Larry Finger <[email protected]>
Failed to apply:
fatal: sha1 information is lacking or useless (drivers/net/wireless/realtek/rtlwifi/base.c).
error: could not build fake ancestor
Applying: rtlwifi: fix static checker warning of dereferencing freed memory
Patch failed at 0001 rtlwifi: fix static checker warning of dereferencing freed memory
The copy of the patch that failed is found in: .git/rebase-apply/patch
2 patches set to Changes Requested.
9833893 [1/2] rtlwifi: fix static checker warning of uninitialized symbol.
9833895 [2/2] rtlwifi: fix static checker warning of dereferencing freed memory
--
https://patchwork.kernel.org/patch/9833893/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
From: Ping-Ke Shih <[email protected]>
Patch c76ab8e75442 ("rtlwifi: Fill ap_num field by driver") leads to the
following static checker warning:
drivers/net/wireless/realtek/rtlwifi/base.c:1741 rtl_scan_list_expire()
error: dereferencing freed memory 'entry'
Reported-by: Dan Carpenter <[email protected]>
Fixes: c76ab8e75442 ("rtlwifi: Fill ap_num field by driver")
Cc: Stable <[email protected]> # 4.12+
Signed-off-by: Ping-Ke Shih <[email protected]>
Signed-off-by: Larry Finger <[email protected]>
---
drivers/net/wireless/realtek/rtlwifi/base.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index d7a1e2d2d529..7074aee35a11 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -1805,13 +1805,13 @@ void rtl_scan_list_expire(struct ieee80211_hw *hw)
if (jiffies_to_msecs(jiffies - entry->age) < 180000)
continue;
+ RT_TRACE(rtlpriv, COMP_SCAN, DBG_LOUD,
+ "BSSID=%pM is expire in scan list (total=%d)\n",
+ entry->bssid, rtlpriv->scan_list.num - 1);
+
list_del(&entry->list);
kfree(entry);
rtlpriv->scan_list.num--;
-
- RT_TRACE(rtlpriv, COMP_SCAN, DBG_LOUD,
- "BSSID=%pM is expire in scan list (total=%d)\n",
- entry->bssid, rtlpriv->scan_list.num);
}
spin_unlock_irqrestore(&rtlpriv->locks.scan_list_lock, flags);
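Review bot: the relocated RT_TRACE now passes `rtlpriv->scan_list.num - 1` because it runs before `rtlpriv->scan_list.num--`, so the logged total depends on an off-by-one expression that can drift out of sync with the decrement in a later edit. Consider keeping the original order and moving only the free: `list_del(&entry->list);`, `rtlpriv->scan_list.num--;`, then the RT_TRACE with plain `rtlpriv->scan_list.num`, then `kfree(entry);`. That still reads `entry->bssid` while the entry is allocated, stays inside the region covered by `scan_list_lock`, and needs no arithmetic in the trace argument. While the line is being touched, "is expire" in the format string could become "expired".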
--
2.12.3
From: Ping-Ke Shih <[email protected]>
Patch 2635664e6e4a: ("rtlwifi: Add rx ampdu cfg for btcoexist.")
leads to the following static checker warning:
drivers/net/wireless/realtek/rtlwifi/base.c:1664 rtl_rx_ampdu_apply()
error: uninitialized symbol 'reject_agg'.
Reported-by: Dan Carpenter <[email protected]>
Fixes: 2635664e6e4a: ("rtlwifi: Add rx ampdu cfg for btcoexist.")
Cc: Stable <[email protected]> # v4.12+
Signed-off-by: Ping-Ke Shih <[email protected]>
Signed-off-by: Larry Finger <[email protected]>
---
drivers/net/wireless/realtek/rtlwifi/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
index c145cfe27216..d7a1e2d2d529 100644
--- a/drivers/net/wireless/realtek/rtlwifi/base.c
+++ b/drivers/net/wireless/realtek/rtlwifi/base.c
@@ -1731,7 +1731,7 @@ int rtl_tx_agg_oper(struct ieee80211_hw *hw,
void rtl_rx_ampdu_apply(struct rtl_priv *rtlpriv)
{
struct rtl_btc_ops *btc_ops = rtlpriv->btcoexist.btc_ops;
- u8 reject_agg, ctrl_agg_size = 0, agg_size;
+ u8 reject_agg = 0, ctrl_agg_size = 0, agg_size = 0;
if (rtlpriv->cfg->ops->get_btc_status())
btc_ops->btc_get_ampdu_cfg(rtlpriv, &reject_agg,
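Review bot: at the declaration in rtl_rx_ampdu_apply(), `reject_agg = 0` and `agg_size = 0` quiet the checker, but the changelog only quotes the warning and does not say why 0 is the intended value on the path where `get_btc_status()` is false and `btc_get_ampdu_cfg()` never writes them. Please add a sentence to the commit message stating what the zero defaults select in that case, so the initializer is documented as a behaviour choice and not only a warning fix. The `Fixes:` tag here also carries a colon after the hash, unlike the tag in the other patch of this series.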
--
2.12.3