From ec14121931a24f8d3678b8a9c408adee3b21d465 Mon Sep 17 00:00:00 2001
From: Colin Ian King <colin.king@canonical.com>
Date: Wed, 20 Sep 2017 18:34:18 +0100
Subject: [PATCH] staging: rtl8723bs: avoid null pointer dereference on pmlmepriv
Git-commit: ec14121931a24f8d3678b8a9c408adee3b21d465
Patch-mainline: v4.14-rc4
References: bsc#1051510
There is a check to see if pmlmepriv is null before vfree'ing
pmlmepriv->free_bss_buf hence implying pmlmepriv could potenially be
null. However, a previous call to rtw_free_mlme_priv_ie_data
can also dereference pmlmepriv, so move this call so that it is only
called if pmlmepriv non-null.
Detected by CoverityScan, CID#1077739 ("Dereference before null check")
Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -119,9 +119,8 @@ void rtw_free_mlme_priv_ie_data(struct m
void _rtw_free_mlme_priv(struct mlme_priv *pmlmepriv)
{
- rtw_free_mlme_priv_ie_data(pmlmepriv);
-
if (pmlmepriv) {
+ rtw_free_mlme_priv_ie_data(pmlmepriv);
if (pmlmepriv->free_bss_buf) {
vfree(pmlmepriv->free_bss_buf);
}