[PATCH 421/961] staging: brcm80211: fix potential null pointer access handling ucode buffer

[Greg Kroah-Hartman]

From: Arend van Spriel <arend at broadcom.com>

Allocation of buffer in function wl_ucode_init_buf can fail. This was
signalled by an error message, but code continued to access the null
pointer. This is now avoided by jumping to failure label.

Reviewed-by: Roland Vossen <rvossen at broadcom.com>
Reviewed-by: Brett Rudley <brudley at broadcom.com>
Reviewed-by: Henry Ptasinski <henryp at broadcom.com>
Signed-off-by: Arend van Spriel <arend at broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
 drivers/staging/brcm80211/brcmsmac/wl_mac80211.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c b/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
index c1d6699..304ae68 100644
--- a/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
+++ b/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
@@ -1707,6 +1707,7 @@ int wl_ucode_init_buf(struct wl_info *wl, void **pbuf, u32 idx)
 				if (*pbuf == NULL) {
 					WL_ERROR("fail to alloc %d bytes\n",
 						 hdr->len);
+					goto fail;
 				}
 				bcopy(pdata, *pbuf, hdr->len);
 				return 0;
@@ -1715,6 +1716,7 @@ int wl_ucode_init_buf(struct wl_info *wl, void **pbuf, u32 idx)
 	}
 	WL_ERROR("ERROR: ucode buf tag:%d can not be found!\n", idx);
 	*pbuf = NULL;
+fail:
 	return -1;
 }
 
-- 
1.7.4.1