diff options
| author | Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu@intel.com> | 2025-06-09 21:35:14 +0300 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2025-07-09 11:42:16 +0200 |
| commit | a066917360ed5000c4f73fb190773cfac004c885 (patch) | |
| tree | 852787b43d6b4d4620f1f78afd638402bf062a31 | |
| parent | 5300e5e24b8122ba3f60ce455e968379434f322e (diff) | |
wifi: mac80211: Fix uninitialized variable with __free() in ieee80211_ml_epcs()
The cleanup attribute runs kfree() when the variable goes out of scope.
There is a possibility that the link_elems variable is uninitialized
if the loop ends before an assignment is made to this variable.
This leads to uninitialized variable bug.
Fix this by assigning link_elems to NULL.
Signed-off-by: Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20250609213231.eeacd3738a7b.I0f876fa1359daeec47ab3aef098255a9c23efd70@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| -rw-r--r-- | net/mac80211/mlme.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index d26dcee5683a..0ed68182f79b 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -10705,8 +10705,8 @@ static void ieee80211_ml_epcs(struct ieee80211_sub_if_data *sdata, */ for_each_mle_subelement(sub, (const u8 *)elems->ml_epcs, elems->ml_epcs_len) { + struct ieee802_11_elems *link_elems __free(kfree) = NULL; struct ieee80211_link_data *link; - struct ieee802_11_elems *link_elems __free(kfree); u8 *pos = (void *)sub->data; u16 control; ssize_t len; |