[PATCH2 6/7] staging: brcm80211: fix potential null pointer access handling ucode buffer
Arend van Spriel
arend at broadcom.com
Wed Feb 9 21:02:48 UTC 2011
Allocation of buffer in function wl_ucode_init_buf can fail. This was
signalled by an error message, but code continued to access the null
pointer. This is now avoided by jumping to failure label.
Reviewed-by: Roland Vossen <rvossen at broadcom.com>
Reviewed-by: Brett Rudley <brudley at broadcom.com>
Reviewed-by: Henry Ptasinski <henryp at broadcom.com>
Signed-off-by: Arend van Spriel <arend at broadcom.com>
---
drivers/staging/brcm80211/brcmsmac/wl_mac80211.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c b/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
index 13acbcb..7335549 100644
--- a/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
+++ b/drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
@@ -1735,6 +1735,7 @@ int wl_ucode_init_buf(struct wl_info *wl, void **pbuf, u32 idx)
if (*pbuf == NULL) {
WL_ERROR("fail to alloc %d bytes\n",
hdr->len);
+ goto fail;
}
bcopy(pdata, *pbuf, hdr->len);
return 0;
@@ -1743,6 +1744,7 @@ int wl_ucode_init_buf(struct wl_info *wl, void **pbuf, u32 idx)
}
WL_ERROR("ERROR: ucode buf tag:%d can not be found!\n", idx);
*pbuf = NULL;
+fail:
return -1;
}
--
1.7.1
More information about the devel
mailing list