2013-04-19 02:14:32

by Wei Yongjun

Subject: [PATCH -next] brcmfmac: fix potential NULL pointer dereference in brcmf_fws_flow_control_check()

From: Wei Yongjun <[email protected]>

The dereference to 'ifp' in debug code should be moved below the NULL test.

Signed-off-by: Wei Yongjun <[email protected]>
---
drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
index 1bcd58c..69d5ad2 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
@@ -821,11 +821,12 @@ brcmf_fws_flow_control_check(struct brcmf_fws_info *fws, struct pktq *pq,
{
struct brcmf_if *ifp = fws->drvr->iflist[if_id];

- brcmf_dbg(TRACE,
- "enter: bssidx=%d, ifidx=%d\n", ifp->bssidx, ifp->ifidx);
if (WARN_ON(!ifp))
return;

+ brcmf_dbg(TRACE,
+ "enter: bssidx=%d, ifidx=%d\n", ifp->bssidx, ifp->ifidx);
+
if ((ifp->netif_stop & BRCMF_NETIF_STOP_REASON_FWS_FC) &&
pq->len <= BRCMF_FWS_FLOWCONTROL_LOWATER)
brcmf_txflowblock_if(ifp,
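Review bot: the initialiser `struct brcmf_if *ifp = fws->drvr->iflist[if_id];` at the top of the function still indexes the array before anything visible here validates `if_id`, so the reordered NULL test covers only an empty slot and not an out-of-range index. If `if_id` can be derived from firmware-supplied data, check it against the size of `iflist` before the load; if every caller already guarantees the range, a one-line comment saying so would make that explicit.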



2013-04-19 08:13:09

by Arend van Spriel

Subject: Re: [PATCH -next] brcmfmac: fix potential NULL pointer dereference in brcmf_fws_flow_control_check()

On 04/19/2013 04:14 AM, Wei Yongjun wrote:
> From: Wei Yongjun <[email protected]>
>
> The dereference to 'ifp' in debug code should be moved below the NULL test.

Acked-by: Arend van Spriel <[email protected]>

> Signed-off-by: Wei Yongjun <[email protected]>
> ---
> drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
> index 1bcd58c..69d5ad2 100644
> --- a/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
> +++ b/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
> @@ -821,11 +821,12 @@ brcmf_fws_flow_control_check(struct brcmf_fws_info *fws, struct pktq *pq,
> {
> struct brcmf_if *ifp = fws->drvr->iflist[if_id];
>
> - brcmf_dbg(TRACE,
> - "enter: bssidx=%d, ifidx=%d\n", ifp->bssidx, ifp->ifidx);
> if (WARN_ON(!ifp))
> return;
>
> + brcmf_dbg(TRACE,
> + "enter: bssidx=%d, ifidx=%d\n", ifp->bssidx, ifp->ifidx);
> +
> if ((ifp->netif_stop & BRCMF_NETIF_STOP_REASON_FWS_FC) &&
> pq->len <= BRCMF_FWS_FLOWCONTROL_LOWATER)
> brcmf_txflowblock_if(ifp,
>
>
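Review bot: neither the changelog nor the check `if (WARN_ON(!ifp))` says whether a NULL `iflist` entry is expected at this point or indicates a driver bug. WARN_ON emits a full backtrace on every hit, so if an empty slot can occur in normal operation a plain `if (!ifp) return;` with a `brcmf_dbg()` message would be quieter, and if it cannot, the changelog should state that the dereference was only reachable on a bug path, which helps when judging whether the fix needs backporting.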