* [PATCH Linux-next] ioctl_linux: fix a potential NULL pointer dereference bug
@ 2021-08-23 3:06 cgel.zte
From: cgel.zte @ 2021-08-23 3:06 UTC (permalink / raw)
To: gregkh; +Cc: linux-staging, linux-kernel, xu xin, Zeal Robot
From: xu xin <xu.xin16@zte.com.cn>
The pointer might be NULL, but it is dereferenced.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: xu xin <xu.xin16@zte.com.cn>
---
drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index a3e6d761e748..ce4ce9190f5f 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -4389,7 +4389,8 @@ static int rtw_dbg_port(struct net_device *dev,
pregpriv->rx_stbc = extra_arg;
DBG_88E("set rx_stbc =%d\n", pregpriv->rx_stbc);
} else {
- DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
+ if (pregpriv)
+ DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
}
}
break;
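Review bot: The new `if (pregpriv)` guard in the else branch of the rx_stbc case is not justified by the commit message, which says only that the pointer "might be NULL" without naming it or explaining how it could become NULL. The context line `pregpriv->rx_stbc = extra_arg;` just above dereferences the same pointer, so the changelog should say what protects that path and why the get path differs. If the pointer is the address of a member embedded in the adapter structure, as the reply in this thread points out, the check is dead code and the cleaner change is to drop the existing NULL test rather than add another one.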
@@ -4401,7 +4402,8 @@ static int rtw_dbg_port(struct net_device *dev,
pregpriv->ampdu_enable = extra_arg;
DBG_88E("set ampdu_enable =%d\n", pregpriv->ampdu_enable);
} else {
- DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
+ if (pregpriv)
+ DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
}
}
break;
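Review bot: The ampdu_enable case repeats the same nested `if (pregpriv)` inside `else { ... }` as the rx_stbc hunk, so with a NULL pointer the get request would silently do nothing and still reach `break;` with no error reported. If a NULL check is really needed, do it once near the top of rtw_dbg_port and return an error there, instead of adding one guard per case. If the per-case form is kept, `else if (pregpriv) {` avoids the extra nesting level.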
--
2.25.1
* Re: [PATCH Linux-next] ioctl_linux: fix a potential NULL pointer dereference bug
@ 2021-08-23 19:34 ` Pavel Skripkin
From: Pavel Skripkin @ 2021-08-23 19:34 UTC (permalink / raw)
To: cgel.zte, gregkh; +Cc: linux-staging, linux-kernel, xu xin, Zeal Robot
On 8/23/21 6:06 AM, cgel.zte@gmail.com wrote:
> From: xu xin <xu.xin16@zte.com.cn>
>
> The pointer might be NULL, but it is dereferenced.
>
> Reported-by: Zeal Robot <zealci@zte.com.cn>
> Signed-off-by: xu xin <xu.xin16@zte.com.cn>
> ---
> drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> index a3e6d761e748..ce4ce9190f5f 100644
> --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> @@ -4389,7 +4389,8 @@ static int rtw_dbg_port(struct net_device *dev,
> pregpriv->rx_stbc = extra_arg;
> DBG_88E("set rx_stbc =%d\n", pregpriv->rx_stbc);
> } else {
> - DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
> + if (pregpriv)
> + DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
> }
> }
> break;
> @@ -4401,7 +4402,8 @@ static int rtw_dbg_port(struct net_device *dev,
> pregpriv->ampdu_enable = extra_arg;
> DBG_88E("set ampdu_enable =%d\n", pregpriv->ampdu_enable);
> } else {
> - DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
> + if (pregpriv)
> + DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
> }
> }
> break;
>
Hi, Xu!

I can't see how pregpriv can be NULL:

	struct registry_priv *pregpriv = &padapter->registrypriv;

It can be NULL in case of a completely wrong padapter pointer, but I can't
see how it's possible. Do you have a calltrace?

I guess your robot reported this because there is a useless check in the
same code block:

	if (pregpriv &&
	    (extra_arg == 0 ||
	     extra_arg == 1 ||
	     extra_arg == 2 ||
	     extra_arg == 3))

So, I think, the "pregpriv &&" part should be removed, instead of adding 2
branches.

Also, the subject line should be "staging: r8118eu: <subject>". Thank you!

With regards,
Pavel Skripkin