misc/163724: [PATCH] NULL check before dereference

[Philippe Saint-Pierre]

>Number:         163724
>Category:       misc
>Synopsis:       [PATCH] NULL check before dereference
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 30 22:10:12 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Philippe Saint-Pierre
>Release:        patch made against 8.1 (I think)
>Organization:
Haiku
>Environment:
>Description:
In the Marvell wifi driver, there are dereferences attempts occuring before the NULL check.
>How-To-Repeat:

>Fix:
Patch included.  Basically moves the NULL check to before any dereferences attempts.

Patch attached with submission follows:

--- mwlhal-orig.c	2011-12-30 12:49:08.807786944 -0500
+++ sys/dev/mwl/mwlhal.c	2011-12-30 12:50:57.787782085 -0500
@@ -1440,15 +1440,20 @@
 	}
 	sp = &mh->mh_streams[s];
 	mh->mh_bastreams &= ~(1<<s);
-	sp->public.data[0] = a1;
-	sp->public.data[1] = a2;
-	IEEE80211_ADDR_COPY(sp->macaddr, Macaddr);
-	sp->tid = Tid;
-	sp->paraminfo = ParamInfo;
-	sp->setup = 0;
-	sp->ba_policy = ba_policy;
-	MWL_HAL_UNLOCK(mh);
-	return sp != NULL ? &sp->public : NULL;
+	if (sp != NULL) {
+		sp->public.data[0] = a1;
+		sp->public.data[1] = a2;
+		IEEE80211_ADDR_COPY(sp->macaddr, Macaddr);
+		sp->tid = Tid;
+		sp->paraminfo = ParamInfo;
+		sp->setup = 0;
+		sp->ba_policy = ba_policy;
+		MWL_HAL_UNLOCK(mh);
+		return &sp->public;
+	} else {
+		MWL_HAL_UNLOCK(mh);
+		return NULL;
+	}
 }
 
 const MWL_HAL_BASTREAM *


>Release-Note:
>Audit-Trail:
>Unformatted: