Dongliang Mu <dzm91@xxxxxxxxxxx> writes:
Smatch reports:
ath_chanctx_event() error: we previously assumed 'vif' could be null
The function ath_chanctx_event can be called with vif argument as NULL.
If vif is NULL, ath_dbg can trigger a null pointer dereference.
Fix this by adding a null pointer check.
Fixes: 878066e745b5 ("ath9k: Add more debug statements for channel context")
Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx>
---
drivers/net/wireless/ath/ath9k/channel.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/channel.c b/drivers/net/wireless/ath/ath9k/channel.c
index 571062f2e82a..e343c8962d14 100644
--- a/drivers/net/wireless/ath/ath9k/channel.c
+++ b/drivers/net/wireless/ath/ath9k/channel.c
@@ -576,7 +576,9 @@ void ath_chanctx_event(struct ath_softc *sc, struct ieee80211_vif *vif,
if (sc->sched.state != ATH_CHANCTX_STATE_WAIT_FOR_BEACON)
break;
- ath_dbg(common, CHAN_CTX, "Preparing beacon for vif: %pM\n", vif->addr);
+ if (vif)
+ ath_dbg(common, CHAN_CTX,
+ "Preparing beacon for vif: %pM\n", vif->addr);
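Review bot: the new `if (vif)` in the ATH_CHANCTX_STATE_WAIT_FOR_BEACON case guards only the ath_dbg() print, so it cannot prevent a NULL dereference elsewhere in that branch. As the reply in this thread points out, the same switch branch dereferences avp, which is NULL whenever vif is, before this statement is reached. If vif can really be NULL for this event, the check belongs at the top of the branch, before avp is used, and the commit message should name the call path that passes NULL. If it cannot, the Smatch warning is a false positive here and the Fixes: tag does not apply.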
Please don't send patches for static checker errors without actually
checking if there is a valid bug. Which there isn't in this case.

Specifically, that branch of the switch statement dereferences the avp
pointer, which will be NULL if 'vif' is. Meaning we will have crashed
way before reaching this statement if vif is indeed NULL.

-Toke

Yeah, you are right. However, no matter where or which variable is causing
the null-ptr-deref crash, the crash is there.