drivers/staging/rtl8712/rtl871x_mlme.c: eliminate a null pointer dereference
authorJulia Lawall <julia@diku.dk>
Fri, 28 Oct 2011 23:58:13 +0000 (01:58 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Sun, 27 Nov 2011 01:19:23 +0000 (17:19 -0800)
If ibss_wlan is NULL, it is not correct to memcpy into its field.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@r@
expression E, E1;
identifier f;
statement S1,S2,S3;
@@

if (E == NULL)
{
  ... when != if (E == NULL || ...) S1 else S2
      when != E = E1
*E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/rtl8712/rtl871x_mlme.c

index ef8eb6c..4277d03 100644 (file)
@@ -551,7 +551,7 @@ void r8712_survey_event_callback(struct _adapter *adapter, u8 *pbuf)
                        ibss_wlan = r8712_find_network(
                                                &pmlmepriv->scanned_queue,
                                                pnetwork->MacAddress);
-                       if (!ibss_wlan) {
+                       if (ibss_wlan) {
                                memcpy(ibss_wlan->network.IEs,
                                        pnetwork->IEs, 8);
                                goto exit;