Showing error 1897

User: Jiri Slaby
Error type: Invalid Pointer Dereference
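Error type description: An invalid pointer is dereferenced. In the source below, skb_copy() at line 1432 can return NULL; the check at line 1434 only logs the failure, so line 1438 still reads fwd_skb->data without a NULL guard.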
File location: net/mac80211/rx.c
Line in file: 1438
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-11 08:47:26 UTC


Source:

1408                mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata);
1409                if (!mppath) {
1410                        mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata);
1411                } else {
1412                        spin_lock_bh(&mppath->state_lock);
1413                        mppath->exp_time = jiffies;
1414                        if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0)
1415                                memcpy(mppath->mpp, hdr->addr4, ETH_ALEN);
1416                        spin_unlock_bh(&mppath->state_lock);
1417                }
1418                rcu_read_unlock();
1419        }
1420
1421        if (compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0)
1422                return RX_CONTINUE;
1423
1424        mesh_hdr->ttl--;
1425
1426        if (rx->flags & IEEE80211_RX_RA_MATCH) {
1427                if (!mesh_hdr->ttl)
1428                        IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh,
1429                                                     dropped_frames_ttl);
1430                else {
1431                        struct ieee80211_hdr *fwd_hdr;
1432                        fwd_skb = skb_copy(skb, GFP_ATOMIC);
1433
1434                        if (!fwd_skb && net_ratelimit())
1435                                printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1436                                                   rx->dev->name);
1437
1438                        fwd_hdr =  (struct ieee80211_hdr *) fwd_skb->data;
1439                        /*
1440                         * Save TA to addr1 to send TA a path error if a
1441                         * suitable next hop is not found
1442                         */
1443                        memcpy(fwd_hdr->addr1, fwd_hdr->addr2, ETH_ALEN);
1444                        memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN);
1445                        fwd_skb->dev = rx->local->mdev;
1446                        fwd_skb->iif = rx->dev->ifindex;
1447                        dev_queue_xmit(fwd_skb);
1448                }