[bug report] wifi: mt76: Check link_conf pointer in mt76_connac_mcu_sta_basic_tlv()
Dan Carpenter
dan.carpenter at linaro.org
Fri Mar 21 07:33:26 PDT 2025
Hello Shayne Chen,

This is a semi-automatic email about new static checker warnings.

Commit 9890624c1b39 ("wifi: mt76: Check link_conf pointer in
mt76_connac_mcu_sta_basic_tlv()") from Mar 11, 2025, leads to the
following Smatch complaint:

drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c:394 mt76_connac_mcu_sta_basic_tlv()
warn: variable dereferenced before check 'link_conf' (see line 376)

drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
   375  {
   376          struct ieee80211_vif *vif = link_conf->vif;
                                            ^^^^^^^^^^^^^^
                                            Dereferenced.

   377          struct sta_rec_basic *basic;
   378          struct tlv *tlv;
   379          int conn_type;
   380
   381          tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BASIC, sizeof(*basic));
   382
   383          basic = (struct sta_rec_basic *)tlv;
   384          basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
   385
   386          if (newly && conn_state != CONN_STATE_DISCONNECT)
   387                  basic->extra_info |= cpu_to_le16(EXTRA_INFO_NEW);
   388          basic->conn_state = conn_state;
   389
   390          if (!link_sta) {
   391                  basic->conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
   392
   393                  if (vif->type == NL80211_IFTYPE_STATION &&
   394                      link_conf && !is_zero_ether_addr(link_conf->bssid)) {
                            ^^^^^^^^^
                            The patch adds a NULL dereference but it's too late.

   395                          memcpy(basic->peer_addr, link_conf->bssid, ETH_ALEN);
   396                          basic->aid = cpu_to_le16(vif->cfg.aid);

regards,
dan carpenter
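
The ordering problem Smatch reports above, reduced to a stand-alone C example that is added here and is not part of the original message or of the mt76 driver. The struct and function names are simplified stand-ins, and returning -EINVAL for a NULL pointer is an assumed policy, not the upstream fix.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6
enum iftype { IFTYPE_STATION, IFTYPE_AP };        /* stand-in for nl80211 types */
struct vif { enum iftype type; uint16_t aid; };   /* stand-in for ieee80211_vif */
struct link_conf { struct vif *vif; uint8_t bssid[ETH_ALEN]; };
struct basic { uint8_t peer_addr[ETH_ALEN]; uint16_t aid; };

static int is_zero_addr(const uint8_t *a)
{
	static const uint8_t zero[ETH_ALEN];
	return memcmp(a, zero, ETH_ALEN) == 0;
}

/* Shape that was flagged: lc is read in the initializer and tested afterwards. */
int fill_basic_late_check(struct basic *b, const struct link_conf *lc)
{
	const struct vif *vif = lc->vif;          /* faults here when lc == NULL */

	if (vif->type == IFTYPE_STATION &&
	    lc && !is_zero_addr(lc->bssid)) {     /* always true once we got here */
		memcpy(b->peer_addr, lc->bssid, ETH_ALEN);
		b->aid = vif->aid;
	}
	return 0;
}

/* Reordered: the pointer is validated before its first use. */
int fill_basic_checked(struct basic *b, const struct link_conf *lc)
{
	const struct vif *vif;

	if (!lc || !lc->vif)
		return -EINVAL;                   /* assumed error policy */
	vif = lc->vif;
	if (vif->type == IFTYPE_STATION && !is_zero_addr(lc->bssid)) {
		memcpy(b->peer_addr, lc->bssid, ETH_ALEN);
		b->aid = vif->aid;
	}
	return 0;
}

int main(void)
{
	struct basic b = {0};
	return fill_basic_checked(&b, NULL) == -EINVAL ? 0 : 1;
}
```

Because the dereference in the late-check form is undefined behaviour for a NULL argument, an optimizing compiler is also entitled to drop the later `lc &&` test entirely.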