wext: handle NULL extra data in iwe_stream_add_point better

commit 93be2b74279c15c2844684b1a027fdc71dd5d9bf upstream.

gcc-7 complains that wl3501_cs passes NULL into a function that
then uses the argument as the input for memcpy:

drivers/net/wireless/wl3501_cs.c: In function 'wl3501_get_scan':
include/net/iw_handler.h:559:3: error: argument 2 null where non-null expected [-Werror=nonnull]
   memcpy(stream + point_len, extra, iwe->u.data.length);

This works fine here because iwe->u.data.length is guaranteed to be 0
and the memcpy doesn't actually have an effect.

Making the length check explicit avoids the warning and should have
no other effect here.

Also check the pointer itself, since otherwise we get warnings
elsewhere in the code.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/include/net/iw_handler.h b/include/net/iw_handler.h
index 5d5a6a4732effd8865918fe31c390c5067505534..5af07a1ab0c2b560da196669d76d25e92c650e42 100644 (file)
--- a/include/net/iw_handler.h
+++ b/include/net/iw_handler.h
@@ -551,7 +551,8 @@ iwe_stream_add_point(struct iw_request_info *info, char *stream, char *ends,
                memcpy(stream + lcp_len,
                       ((char *) &iwe->u) + IW_EV_POINT_OFF,
                       IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN);
-               memcpy(stream + point_len, extra, iwe->u.data.length);
+               if (iwe->u.data.length && extra)
+                       memcpy(stream + point_len, extra, iwe->u.data.length);
                stream += event_len;
        }
        return stream;