| Message ID | 4428a7ab-eb67-4f0e-992f-35577ea2b564@moroto.mountain (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | wifi: ath12k: fix potential NULL dereference | expand |
On 6/14/2024 10:32 AM, Dan Carpenter wrote: > In this condition if "sband" is NULL then it leads to a NULL dereference > on the next line when it does "idx -= sband->n_channels;". > > The condition can just be deleted, because if "sband" is NULL or the > "idx" is out of bounds, then the correct thing is to at this point is to > return -ENOENT. There are no additional sbands available to try. > > Fixes: 70e3be54bbdd ("wifi: ath12k: fix survey dump collection in 6 GHz") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > drivers/net/wireless/ath/ath12k/mac.c | 5 ----- > 1 file changed, 5 deletions(-) > > diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c > index 509c02bffdae..e5456383dabd 100644 > --- a/drivers/net/wireless/ath/ath12k/mac.c > +++ b/drivers/net/wireless/ath/ath12k/mac.c > @@ -8314,11 +8314,6 @@ static int ath12k_mac_op_get_survey(struct ieee80211_hw *hw, int idx, > > if (!sband) > sband = hw->wiphy->bands[NL80211_BAND_6GHZ]; > - if (!sband || idx >= sband->n_channels) { > - idx -= sband->n_channels; > - sband = NULL; > - } > - > if (!sband || idx >= sband->n_channels) > return -ENOENT; > This duplicates https://lore.kernel.org/all/20240611031017.297927-2-quic_aarasahu@quicinc.com/
diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 509c02bffdae..e5456383dabd 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -8314,11 +8314,6 @@ static int ath12k_mac_op_get_survey(struct ieee80211_hw *hw, int idx, if (!sband) sband = hw->wiphy->bands[NL80211_BAND_6GHZ]; - if (!sband || idx >= sband->n_channels) { - idx -= sband->n_channels; - sband = NULL; - } - if (!sband || idx >= sband->n_channels) return -ENOENT;
In this condition if "sband" is NULL then it leads to a NULL dereference on the next line when it does "idx -= sband->n_channels;". The condition can just be deleted, because if "sband" is NULL or the "idx" is out of bounds, then the correct thing is to at this point is to return -ENOENT. There are no additional sbands available to try. Fixes: 70e3be54bbdd ("wifi: ath12k: fix survey dump collection in 6 GHz") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/net/wireless/ath/ath12k/mac.c | 5 ----- 1 file changed, 5 deletions(-)