[PATCH] wifi: ath9k: add a defensive NULL check to prevent null-pointer dereference in ath9k_beacon_remove_slot()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tuo Li <islituo@gmail.com>
To: toke@toke.dk
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
	Tuo Li <islituo@gmail.com>
Subject: [PATCH] wifi: ath9k: add a defensive NULL check to prevent null-pointer dereference in ath9k_beacon_remove_slot()
Date: Wed,  7 Jan 2026 11:12:03 +0800	[thread overview]
Message-ID: <20260107031203.170628-1-islituo@gmail.com> (raw)

In this function, bf is guarded by an if statement, indicating that it may
be NULL:

  if (bf && bf->bf_mpdu) {...}

If bf is NULL, calling list_add_tail() may result in a null-pointer
dereference:

  list_add_tail(&bf->list, &sc->beacon.bbuf);

Therefore, add a defensive NULL check before invoking list_add_tail() to
prevent this issue.

Signed-off-by: Tuo Li <islituo@gmail.com>
---
 drivers/net/wireless/ath/ath9k/beacon.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath9k/beacon.c b/drivers/net/wireless/ath/ath9k/beacon.c
index 4a27e3753c03..e39e2738ba1a 100644
--- a/drivers/net/wireless/ath/ath9k/beacon.c
+++ b/drivers/net/wireless/ath/ath9k/beacon.c
@@ -236,7 +236,8 @@ void ath9k_beacon_remove_slot(struct ath_softc *sc, struct ieee80211_vif *vif)
 
 	avp->av_bcbuf = NULL;
 	sc->beacon.bslot[avp->av_bslot] = NULL;
-	list_add_tail(&bf->list, &sc->beacon.bbuf);
+	if (bf)
+		list_add_tail(&bf->list, &sc->beacon.bbuf);
 
 	tasklet_enable(&sc->bcon_tasklet);
 }
-- 
2.43.0

next             reply	other threads:[~2026-01-07  3:12 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-07  3:12 Tuo Li [this message]
2026-01-07 10:03 ` [PATCH] wifi: ath9k: add a defensive NULL check to prevent null-pointer dereference in ath9k_beacon_remove_slot() Toke Høiland-Jørgensen
2026-01-08 13:41   ` Tuo Li

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4a27e3753c0 dfblob:e39e2738ba1 )
 OR (
bs:"[PATCH] wifi: ath9k: add a defensive NULL check to prevent null-pointer dereference in ath9k_beacon_remove_slot()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260107031203.170628-1-islituo@gmail.com \
    --to=islituo@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=toke@toke.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.