From: Gabor Juhos Date: Wed, 14 Jan 2009 19:17:11 +0000 (+0100) Subject: ath9k: fix null pointer dereference in ani monitor code X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9950688263dcd74560582f590d270728f4e92ed0;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git ath9k: fix null pointer dereference in ani monitor code In 'ath9k_ani_reset' the 'ahp->ah_curani' will be initialized only if 'DO_ANI(ah)' true. In 'ath9k_hw_ani_monitor' we are using 'ahp->ah_curani' unconditionally, and it will cause a NULL pointer dereference on AR9100. Changes-licensed-under: ISC Signed-off-by: Gabor Juhos Signed-off-by: Imre Kaloz Tested-by: Pavel Roskin Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/ath9k/ani.c b/drivers/net/wireless/ath9k/ani.c index 4dd086073ad9..42197fff2a47 100644 --- a/drivers/net/wireless/ath9k/ani.c +++ b/drivers/net/wireless/ath9k/ani.c @@ -551,6 +551,9 @@ void ath9k_hw_ani_monitor(struct ath_hal *ah, struct ar5416AniState *aniState; int32_t listenTime; + if (!DO_ANI(ah)) + return; + aniState = ahp->ah_curani; ahp->ah_stats.ast_nodestats = *stats; @@ -610,9 +613,6 @@ void ath9k_hw_ani_monitor(struct ath_hal *ah, aniState->cckPhyErrCount = cckPhyErrCnt; } - if (!DO_ANI(ah)) - return; - if (aniState->listenTime > 5 * ahp->ah_aniPeriod) { if (aniState->ofdmPhyErrCount <= aniState->listenTime * aniState->ofdmTrigLow / 1000 &&
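Review bot: in the hunk at @@ -551,6 +551,9 @@, the new early return sits above `ahp->ah_stats.ast_nodestats = *stats;`, so when DO_ANI(ah) is false the node stats are no longer copied, a behaviour change the commit message does not mention. If the copy is still wanted, move it above the `if (!DO_ANI(ah))` test, since it does not touch aniState; if it is not, say so in the message. The message also states that ah_curani is only initialized in ath9k_ani_reset when DO_ANI(ah) is true, so a direct `if (!aniState) return;` after the assignment would keep the function safe even if the two conditions ever drift apart.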
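Review bot: in the hunk at @@ -610,9 +613,6 @@, the removed test sat directly after `aniState->cckPhyErrCount = cckPhyErrCnt;`, a store through the pointer, so it never protected that write. The statements that follow (`aniState->listenTime`, `aniState->ofdmPhyErrCount`) now rely entirely on the guard at function entry. A one-line comment at the new check stating that it must precede every use of ahp->ah_curani would keep a later refactor from moving it back down.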