linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 2.6.36] ath5k: check return value of ieee80211_get_tx_rate
@ 2010-08-24 19:27 John W. Linville
  2010-08-24 21:38 ` Bob Copeland
  0 siblings, 1 reply; 3+ messages in thread
From: John W. Linville @ 2010-08-24 19:27 UTC (permalink / raw)
  To: linux-wireless; +Cc: John W. Linville, stable

This avoids a NULL pointer dereference as reported here:

	https://bugzilla.redhat.com/show_bug.cgi?id=625889

When the WARN condition is hit in ieee80211_get_tx_rate, it will return
NULL.  So, we need to check the return value and avoid dereferencing it
in that case.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: stable@kernel.org
---
Of course, the better question is why are we hitting that condition at
all...?

 drivers/net/wireless/ath/ath5k/base.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c
index 373dcfe..c7720e4 100644
--- a/drivers/net/wireless/ath/ath5k/base.c
+++ b/drivers/net/wireless/ath/ath5k/base.c
@@ -1327,6 +1327,8 @@ ath5k_txbuf_setup(struct ath5k_softc *sc, struct ath5k_buf *bf,
 			PCI_DMA_TODEVICE);
 
 	rate = ieee80211_get_tx_rate(sc->hw, info);
+	if (!rate)
+		goto err_unmap;
 
 	if (info->flags & IEEE80211_TX_CTL_NO_ACK)
 		flags |= AR5K_TXDESC_NOACK;
-- 
1.7.2.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-08-25 13:59 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-24 19:27 [PATCH 2.6.36] ath5k: check return value of ieee80211_get_tx_rate John W. Linville
2010-08-24 21:38 ` Bob Copeland
2010-08-25 13:46   ` John W. Linville

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).