[bug report] staging: wilc1000: handle scan operation callback from cfg80211 context

Dan Carpenter dan.carpenter at oracle.com
Wed Dec 12 09:54:08 UTC 2018


Hello Ajay Singh,

The patch 8f1a0ac1eba7: "staging: wilc1000: handle scan operation
callback from cfg80211 context" from Dec 2, 2018, leads to the
following static checker warning:

	drivers/staging/wilc1000/wilc_wfi_cfgoperations.c:562 scan()
	error: NULL dereference inside function 'wilc_scan()'

drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
   541          if (request->n_channels <= MAX_NUM_SCANNED_NETWORKS) {
   542                  for (i = 0; i < request->n_channels; i++) {
   543                          u16 freq = request->channels[i]->center_freq;
   544  
   545                          scan_ch_list[i] = ieee80211_frequency_to_channel(freq);
   546                  }
   547  
   548                  if (request->n_ssids >= 1) {
   549                          if (wilc_wfi_cfg_alloc_fill_ssid(request,
   550                                                           &hidden_ntwk)) {
   551                                  ret = -ENOMEM;
   552                                  goto out;
   553                          }
   554  
   555                          ret = wilc_scan(vif, WILC_FW_USER_SCAN,
   556                                          WILC_FW_ACTIVE_SCAN, scan_ch_list,
   557                                          request->n_channels,
   558                                          (const u8 *)request->ie,
   559                                          request->ie_len, cfg_scan_result,
   560                                          (void *)priv, &hidden_ntwk);
   561                  } else {
   562                          ret = wilc_scan(vif, WILC_FW_USER_SCAN,
   563                                          WILC_FW_ACTIVE_SCAN, scan_ch_list,
   564                                          request->n_channels,
   565                                          (const u8 *)request->ie,
   566                                          request->ie_len, cfg_scan_result,
   567                                          (void *)priv, NULL);
                                                              ^^^^
The old code used to have a check for NULL.

   568                  }
   569          } else {
   570                  netdev_err(priv->dev, "Requested scanned channels over\n");
   571          }

regards,
dan carpenter
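
An added example, not part of the original report and not code from the wilc1000 driver: a userspace C model of the pattern the checker flagged, where a callee receives an optional pointer argument (NULL in the else branch above) and has to check it before any dereference. The struct layouts, field names, and the function build_ssid_list() are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the driver's hidden-network argument. */
struct hidden_ssid {
	const uint8_t *ssid;
	uint8_t ssid_len;
};

struct hidden_list {
	const struct hidden_ssid *entries;
	uint8_t n_ssids;
};

/*
 * Serialize an optional SSID list as: count, then (len, bytes) per entry.
 * 'hidden' may be NULL when the caller has no SSIDs to probe, so it is
 * checked before use; a NULL list is encoded as a count of zero.
 * Returns bytes written, or -1 if 'out' is missing or too small.
 */
int build_ssid_list(const struct hidden_list *hidden, uint8_t *out, size_t out_len)
{
	size_t need = 1, pos = 0;
	uint8_t i, n = 0;

	if (!out)
		return -1;
	if (hidden && hidden->entries)	/* guard before any dereference */
		n = hidden->n_ssids;

	for (i = 0; i < n; i++)
		need += 1 + (size_t)hidden->entries[i].ssid_len;
	if (need > out_len)
		return -1;

	out[pos++] = n;
	for (i = 0; i < n; i++) {
		uint8_t len = hidden->entries[i].ssid_len;
		out[pos++] = len;
		if (len)
			memcpy(out + pos, hidden->entries[i].ssid, len);
		pos += len;
	}
	return (int)pos;
}
```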

