From: Lorenzo Bianconi <lorenzo@kernel.org>
Date: Tue, 27 Apr 2021 10:05:00 +0000 (+0200)
Subject: mt76: fix possible NULL pointer dereference in mt76_tx
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=d7400a2f3e295b8cee692c7a66e10f60015a3c37;p=linux.git

mt76: fix possible NULL pointer dereference in mt76_tx

Even if this is not a real issue since mt76_tx is never run with wcid set
to NULL, fix a theoretical NULL pointer dereference in mt76_tx routine

Fixes: db9f11d3433f7 ("mt76: store wcid tx rate info in one u32 reduce locking")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

diff --git a/drivers/net/wireless/mediatek/mt76/tx.c b/drivers/net/wireless/mediatek/mt76/tx.c
index 70a830132a37f..5cc3e4d75c4f9 100644
--- a/drivers/net/wireless/mediatek/mt76/tx.c
+++ b/drivers/net/wireless/mediatek/mt76/tx.c
@@ -306,7 +306,7 @@ mt76_tx(struct mt76_phy *phy, struct ieee80211_sta *sta,
 		skb_set_queue_mapping(skb, qid);
 	}
 
-	if (!(wcid->tx_info & MT_WCID_TX_INFO_SET))
+	if (wcid && !(wcid->tx_info & MT_WCID_TX_INFO_SET))
 		ieee80211_get_tx_rates(info->control.vif, sta, skb,
 				       info->control.rates, 1);