mt76x2: fix possible NULL pointer dereferencing in mt76x2_ampdu_action()

Initialize mt76_txq pointer after ieee80211_txq pointer check. Remove space after the pointer cast Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e") Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
openwrt · Dec 14, 2017 · ca5ca8c · ca5ca8c
1 parent cf4a5ce
commit ca5ca8c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/mt76x2_main.c b/mt76x2_main.c
@@ -466,13 +466,15 @@ mt76x2_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 	struct mt76x2_dev *dev = hw->priv;
 	struct mt76x2_sta *msta = (struct mt76x2_sta *) sta->drv_priv;
 	struct ieee80211_txq *txq = sta->txq[params->tid];
-	struct mt76_txq *mtxq = (struct mt76_txq *) txq->drv_priv;
 	u16 tid = params->tid;
 	u16 *ssn = &params->ssn;
+	struct mt76_txq *mtxq;
 
 	if (!txq)
 		return -EINVAL;
 
+	mtxq = (struct mt76_txq *)txq->drv_priv;
+
 	switch (action) {
 	case IEEE80211_AMPDU_RX_START:
 		mt76_set(dev, MT_WCID_ADDR(msta->wcid.idx) + 4, BIT(16 + tid));