Page MenuHomeFreeBSD
Differential D54547

wtap: Remove bogus NULL check in wtap_transmit
ClosedPublic
Actions

Authored by enweiwu on Jan 6 2026, 12:40 AM.
Tags
Referenced Files
Unknown Object (File)
Thu, Jun 4, 11:14 AM
Unknown Object (File)
Thu, Jun 4, 9:25 AM
Unknown Object (File)
May 17 2026, 10:35 AM
Unknown Object (File)
May 17 2026, 12:52 AM
Unknown Object (File)
May 16 2026, 6:57 PM
Unknown Object (File)
May 13 2026, 5:25 PM
Unknown Object (File)
Apr 27 2026, 4:53 PM
Unknown Object (File)
Apr 27 2026, 11:43 AM
View All 40 Files
Subscribers
enweiwu
imp
wireless

Details

Reviewers
adrian
bz
Group Reviewers
wireless
Commits
rG9ef75e05ba91: wtap: Remove bogus NULL check in wtap_transmit
Summary

The node pointer is guaranteed to be non-NULL by the net80211 stack.

The original check was also ineffective as it dereferenced ni->ni_vap before the NULL check.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

enweiwu created this revision.Jan 6 2026, 12:40 AM
Herald added a subscriber: imp. · View Herald TranscriptJan 6 2026, 12:40 AM
enweiwu requested review of this revision.Jan 6 2026, 12:40 AM
bz added a comment.Jan 6 2026, 12:50 AM

Can you please create diffs with -U9999 if you manually upload them so there is context?

bz requested changes to this revision.Jan 6 2026, 12:56 AM
bz added inline comments.
sys/dev/wtap/if_wtap.c
594

The assumption that this can happen seems wrong. This should probably be a MPASS(ni != NULL); and we should be done with it.

Ignoring this for a minute if you look at ieee80211_parent_xmitpkt() which calls ic->ic_transmit you'll see that in the error case it does the cleanup (which does depend on the ni being valid) so be careful if you already free the mbuf (likely wrong). This is different to (*ic_raw_xmit) where you'd need to free the mbuf.

This revision now requires changes to proceed.Jan 6 2026, 12:56 AM
enweiwu marked an inline comment as done.Jan 6 2026, 8:15 PM
enweiwu added inline comments.
sys/dev/wtap/if_wtap.c
594

So, turns out the NULL check on the node ni is unnecessary in the first place. Let me revise the commit by removing the NULL check on the node ni.

enweiwu updated this revision to Diff 169210.Jan 6 2026, 8:18 PM
enweiwu marked an inline comment as done.
enweiwu retitled this revision from wtap(4): Fix NULL pointer dereference in wtap_transmit to wtap: Remove bogus NULL check in wtap_transmit.
enweiwu edited the summary of this revision. (Show Details)
bz accepted this revision.Mon, May 18, 5:55 PM
This revision is now accepted and ready to land.Mon, May 18, 5:55 PM
Closed by commit rG9ef75e05ba91: wtap: Remove bogus NULL check in wtap_transmit (authored by enweiwu, committed by adrian). · Explain WhyTue, Jun 16, 2:58 PM
This revision was automatically updated to reflect the committed changes.
adrian added a commit: rG9ef75e05ba91: wtap: Remove bogus NULL check in wtap_transmit.

Revision Contents
Changeset List

PathSize
sys/
dev/
wtap/
8 lines

Diff 179872

View Options

sys/dev/wtap/if_wtap.c

Loading...