On Mon,  2 Feb 2026 20:33:26 +0100
[email protected] wrote:

> From: Martin Spinler <[email protected]>
> 
> The driver code has dereferenced the dev->data->rx_queues pointer
> without checking for its validity.
> Pointer invalidation can occur when the eth_dev_rx_queue_config
> is called with set to 0, for example.
> 
> Moreover, an array of pointers (to a structure) was used like an array
> of structures (which worked with early dereference just for one queue).
> 
> Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")
> Cc: [email protected]
> 
> Signed-off-by: Martin Spinler <[email protected]>
> ---

AI found this potential issue:

ERRORS (Must Fix)
Patch 26: net/nfb: fix bad pointer access in queue stats

NULL pointer dereference risk

In nfb_eth_stats_get() and nfb_eth_stats_reset(), the patch correctly fixes the 
array-of-pointers vs array-of-structures bug, but introduces a new issue: it 
dereferences dev->data->rx_queues[i] and dev->data->tx_queues[i] without NULL 
checks.

The queues array can contain NULL pointers if a queue is not configured. The 
original buggy code had an early dereference that would have caught this, but 
the fixed version will crash on the first access to rx_queue->rx_pkts if the 
queue pointer is NULL.


I added a simple check, since fixing it takes less time than another patch 
cycle...
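
The two defects discussed in this thread, shown as an added example that is not part of the original message or of the nfb driver: per-queue slots are pointers that must be loaded by index, and both the array pointer and each slot need a NULL check before the counters are read. The `rxq`, `dev_data` and `stats` structures and both functions are hypothetical stand-ins, and an invalidated `rx_queues` pointer is modelled as NULL.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the per-queue and per-device data. */
struct rxq { uint64_t rx_pkts; uint64_t rx_bytes; };
struct dev_data { void **rx_queues; uint16_t nb_rx_queues; };
struct stats { uint64_t ipackets; uint64_t ibytes; };

/* Sum per-queue counters; returns the number of queues actually read. */
static unsigned sum_rx_stats(const struct dev_data *d, struct stats *out)
{
    unsigned used = 0;

    out->ipackets = out->ibytes = 0;
    /* The array pointer itself may be invalid (modelled here as NULL). */
    if (d->rx_queues == NULL)
        return 0;
    for (uint16_t i = 0; i < d->nb_rx_queues; i++) {
        /* Each slot is a pointer: load it per index rather than doing
         * arithmetic on the first element as if the queues were laid
         * out as one contiguous array of structures. */
        const struct rxq *q = d->rx_queues[i];

        if (q == NULL)  /* slot with no queue behind it */
            continue;
        out->ipackets += q->rx_pkts;
        out->ibytes += q->rx_bytes;
        used++;
    }
    return used;
}

/* Constructed sample: three slots, the middle one left NULL. */
static unsigned demo(struct stats *out)
{
    static struct rxq q0 = { 10, 1000 }, q2 = { 5, 640 };
    void *slots[3] = { &q0, NULL, &q2 };
    struct dev_data d = { slots, 3 };

    return sum_rx_stats(&d, out);
}

int main(void)
{
    struct stats s;
    return demo(&s) == 2 ? 0 : 1;
}
```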
