Message ID | 20240930185104.19107-1-zichenxie0106@gmail.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | mt76: mt7925: main.c: Avoid possible NULL Pointer Dereference in mt7925_change_vif_links() | expand |
On 30/09/2024 20:51, Gax-c wrote: > 'mconf = devm_kzalloc()' and 'mlink = devm_kzalloc()' may return NULL. > NULL Pointer Dereference may be triggered in the statement 'mconf->link_id = link_id;' below. > Add a null check for the returned pointer. > > Fixes: 69acd6d910b0 ("wifi: mt76: mt7925: add mt7925_change_vif_links") > Signed-off-by: Zichen Xie <zichenxie0106@gmail.com> > Reported-by: Zichen Xie <zichenxie0106@gmail.com> > Reported-by: Zijie Zhao <zzjas98@gmail.com> > Reported-by: Chenyuan Yang <chenyuan0y@gmail.com> > --- > drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c > index 791c8b00e112..ea635169497f 100644 > --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c > +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c > @@ -1948,6 +1948,12 @@ mt7925_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif, > GFP_KERNEL); > } > > + if (!mconf || !mlink) { > + err = -ENOMEM; > + goto free; > + } > + All previous comments apply - wrapping, commit tags, unnecessary blank lines, proper cleanup. Best regards, Krzysztof
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 791c8b00e112..ea635169497f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -1948,6 +1948,12 @@ mt7925_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif, GFP_KERNEL); } + if (!mconf || !mlink) { + err = -ENOMEM; + goto free; + } + + mconfs[link_id] = mconf; mlinks[link_id] = mlink; mconf->link_id = link_id;
'mconf = devm_kzalloc()' and 'mlink = devm_kzalloc()' may return NULL. NULL Pointer Dereference may be triggered in the statement 'mconf->link_id = link_id;' below. Add a null check for the returned pointer. Fixes: 69acd6d910b0 ("wifi: mt76: mt7925: add mt7925_change_vif_links") Signed-off-by: Zichen Xie <zichenxie0106@gmail.com> Reported-by: Zichen Xie <zichenxie0106@gmail.com> Reported-by: Zijie Zhao <zzjas98@gmail.com> Reported-by: Chenyuan Yang <chenyuan0y@gmail.com> --- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 ++++++ 1 file changed, 6 insertions(+)