Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 99ac5327 authored by Lorenzo Bianconi's avatar Lorenzo Bianconi Committed by Kalle Valo
Browse files

mt76: fix possible NULL pointer dereferencing in mt76x2_ampdu_action() 



Initialize mt76_txq pointer after ieee80211_txq pointer check.
Remove space after the pointer cast

Fixes: 7bc04215 ("mt76: add driver code for MT76x2e")
Signed-off-by: default avatarLorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 70c8de0c

drivers/net/wireless/mediatek/mt76/mt76x2_main.c

+3 −1
Original line number Diff line number Diff line
@@ -465,13 +465,15 @@ mt76x2_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 
	struct mt76x2_dev *dev = hw->priv;

	struct mt76x2_sta *msta = (struct mt76x2_sta *) sta->drv_priv;

	struct ieee80211_txq *txq = sta->txq[params->tid];

	struct mt76_txq *mtxq = (struct mt76_txq *) txq->drv_priv;

	u16 tid = params->tid;

	u16 *ssn = &params->ssn;

	struct mt76_txq *mtxq;



	if (!txq)

		return -EINVAL;



	mtxq = (struct mt76_txq *)txq->drv_priv;



	switch (action) {

	case IEEE80211_AMPDU_RX_START:

		mt76_set(dev, MT_WCID_ADDR(msta->wcid.idx) + 4, BIT(16 + tid));