rtw88: fix potential NULL pointer access for firmware

Driver could access a NULL firmware pointer if we don't
return here.

Fixes: 5195b90426409 ("rtw88: avoid FW info flood")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yan-Hsuan Chuang <yhchuang@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/realtek/rtw88/main.c b/drivers/net/wireless/realtek/rtw88/main.c
index 021668f..de82d08 100644 (file)
--- a/drivers/net/wireless/realtek/rtw88/main.c
+++ b/drivers/net/wireless/realtek/rtw88/main.c
@@ -1024,8 +1024,10 @@ static void rtw_load_firmware_cb(const struct firmware *firmware, void *context)
        struct rtw_fw_state *fw = &rtwdev->fw;
        const struct rtw_fw_hdr *fw_hdr;
 
-       if (!firmware)
+       if (!firmware || !firmware->data) {
                rtw_err(rtwdev, "failed to request firmware\n");
+               return;
+       }
 
        fw_hdr = (const struct rtw_fw_hdr *)firmware->data;
        fw->h2c_version = le16_to_cpu(fw_hdr->h2c_fmt_ver);