From: Stanislaw Gruszka <stf_xl@wp.pl>
To: Tuo Li <islituo@gmail.com>
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate()
Date: Wed, 7 Jan 2026 08:44:38 +0100 [thread overview]
Message-ID: <20260107074438.GA34085@wp.pl> (raw)
In-Reply-To: <20260107071001.172132-1-islituo@gmail.com>
On Wed, Jan 07, 2026 at 03:10:01PM +0800, Tuo Li wrote:
> In this function, il_sta is assigned to rs_sta, and rs_sta is dereferenced
> at several points. If il_sta is NULL, this can lead to null-pointer
> dereferences. To fix this issue, add an early check for il_sta and return
> if it is NULL, consistent with the handling in il3945_rs_tx_status().
>
> Signed-off-by: Tuo Li <islituo@gmail.com>
> ---
> drivers/net/wireless/intel/iwlegacy/3945-rs.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/intel/iwlegacy/3945-rs.c b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> index 1826c37c090c..c13268093a6e 100644
> --- a/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> +++ b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
> @@ -626,8 +626,13 @@ il3945_rs_get_rate(void *il_r, struct ieee80211_sta *sta, void *il_sta,
>
> D_RATE("enter\n");
>
> + if (!il_sta) {
> + D_RATE("leave: No STA il data available!\n");
> + return;
> + }
> +
> /* Treat uninitialized rate scaling data same as non-existing. */
> - if (rs_sta && !rs_sta->il) {
> + if (!rs_sta->il) {
> D_RATE("Rate scaling information not initialized yet.\n");
> il_sta = NULL;
Please also change to return here instead of setting il_sta to NULL.
And make D_RATE messages similar to il3945_rs_tx_status() i.e. :
if (!il_sta) {
D_RATE("leave: No STA il data to update!\n");
return;
}
/* Treat uninitialized rate scaling data same as non-existing. */
if (!rs_sta->il) {
D_RATE("leave: STA il data uninitialized!\n");
return;
}
Thanks
Stanislaw
next prev parent reply other threads:[~2026-01-07 7:44 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-07 7:10 [PATCH] iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate() Tuo Li
2026-01-07 7:44 ` Stanislaw Gruszka [this message]
2026-01-07 8:06 ` Stanislaw Gruszka
2026-01-07 8:16 ` Tuo Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260107074438.GA34085@wp.pl \
--to=stf_xl@wp.pl \
--cc=islituo@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.