[BUG] iwlegacy: 3945-rs: possible null-pointer dereference in il3945_rs_get_rate()

From: Li Tuo
Date: Fri Jul 30 2021 - 23:40:00 EST

Next message: Li Tuo: "[BUG] bfq-iosched: possible null-pointer dereference in __bfq_insert_request()"
Previous message: Baisheng Gao: "[PATCH] Documentation: fix incorrect macro referencing in mscc-phy-vsc8531.txt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Our static analysis tool finds a possible null-pointer dereference in the iwlegacy driver in Linux 5.14.0-rc3:

The variable rs_sta is checked in:
629:    if (rs_sta && !rs_sta->il)

This indicates that rs_sta can be NULL.
If so, some null-pointer dereferences will occur in some statements such as:
643:    idx = min(rs_sta->last_txrate_idx & 0xffff, RATE_COUNT_3945 - 1);
653:    if (rs_sta->start_rate != RATE_INVALID)

I am not quite sure whether this possible null-pointer dereference is real and how to fix it if it is real.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>

Best wishes,
Tuo Li

Next message: Li Tuo: "[BUG] bfq-iosched: possible null-pointer dereference in __bfq_insert_request()"
Previous message: Baisheng Gao: "[PATCH] Documentation: fix incorrect macro referencing in mscc-phy-vsc8531.txt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]