Return-path: Received: from phoenix.szarvasnet.hu ([87.101.127.3]:37634 "EHLO phoenix.szarvas.hu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754201AbZANTSr (ORCPT ); Wed, 14 Jan 2009 14:18:47 -0500 From: Gabor Juhos To: "John W. Linville" Cc: "Luis R. Rodriguez" , Jouni Malinen , "ath9k-devel@lists.ath9k.org" , "linux-wireless@vger.kernel.org" , Felix Fietkau , Christoph Hellwig , Sujith Manoharan , Johannes Berg , Pavel Roskin , Gabor Juhos , Imre Kaloz Subject: [PATCH v4 10/11] ath9k: fix null pointer dereference in ani monitor code Date: Wed, 14 Jan 2009 20:17:11 +0100 Message-Id: <1231960632-4452-11-git-send-email-juhosg@openwrt.org> (sfid-20090114_201852_295433_652D1FBE) In-Reply-To: <1231960632-4452-1-git-send-email-juhosg@openwrt.org> References: <1231960632-4452-1-git-send-email-juhosg@openwrt.org> Sender: linux-wireless-owner@vger.kernel.org List-ID: In 'ath9k_ani_reset' the 'ahp->ah_curani' will be initialized only if 'DO_ANI(ah)' true. In 'ath9k_hw_ani_monitor' we are using 'ahp->ah_curani' unconditionally, and it will cause a NULL pointer dereference on AR9100. Changes-licensed-under: ISC Signed-off-by: Gabor Juhos Signed-off-by: Imre Kaloz --- drivers/net/wireless/ath9k/ani.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath9k/ani.c b/drivers/net/wireless/ath9k/ani.c index 4dd0860..42197ff 100644 --- a/drivers/net/wireless/ath9k/ani.c +++ b/drivers/net/wireless/ath9k/ani.c @@ -551,6 +551,9 @@ void ath9k_hw_ani_monitor(struct ath_hal *ah, struct ar5416AniState *aniState; int32_t listenTime; + if (!DO_ANI(ah)) + return; + aniState = ahp->ah_curani; ahp->ah_stats.ast_nodestats = *stats; @@ -610,9 +613,6 @@ void ath9k_hw_ani_monitor(struct ath_hal *ah, aniState->cckPhyErrCount = cckPhyErrCnt; } - if (!DO_ANI(ah)) - return; - if (aniState->listenTime > 5 * ahp->ah_aniPeriod) { if (aniState->ofdmPhyErrCount <= aniState->listenTime * aniState->ofdmTrigLow / 1000 && -- 1.5.3.2