On Wed, 2025-07-02 at 21:55 +0530, Sarika Sharma wrote:
> Currently, cfg80211_sinfo_release_content() frees dynamically
> allocated memory but does not reset the associated pointers.
> This results in double free issues in nl80211_dump_station(),
> where both link_sinfo and link_sinfo->pertid are released twice,
> once after the send_station() call and again in the error handling path.
>
> Hence, to fix accidental dereferencing of dangling pointers, explicitly
> set the freed pointers to NULL.
>

Do we have to fix it this way? It feels like perhaps it should rather be
fixed by only having one call to cfg80211_sinfo_release_content() in
each path.

johannes
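
The two options discussed in this thread, modelled in userspace C as an added example (not code from the patch, the kernel, or either participant): clearing pointers so a repeated release is harmless, versus calling release exactly once per path. All struct and function names are hypothetical stand-ins, and the control flow is a simplified assumption based on the description in the quoted commit message.

```c
#include <stdlib.h>
/* Hypothetical userspace stand-ins; not the kernel's definitions. */
struct link_sinfo { int *pertid; };
struct sinfo { struct link_sinfo *link; };
static int frees, last_err;  /* free() calls made; simulated send result */

static int start(struct sinfo *s, int send_fails)
{
    frees = 0;
    last_err = send_fails ? -1 : 0;  /* stand-in for the send result */
    s->link = calloc(1, sizeof(*s->link));
    if (s->link)
        s->link->pertid = calloc(16, sizeof(int));
    return s->link ? 0 : -1;
}

/* Frees and clears, so a repeated call finds NULL and does nothing. */
static void release_and_clear(struct sinfo *s)
{
    if (!s->link)
        return;
    free(s->link->pertid);
    free(s->link);
    s->link = NULL;
    frees += 2;
}

/* Option A: release after the send and again on the error path. */
int dump_clearing(int send_fails)
{
    struct sinfo s = {0};
    if (start(&s, send_fails))
        return -1;
    release_and_clear(&s);
    if (last_err)
        release_and_clear(&s);  /* no-op: pointer already NULL */
    return frees;
}

/* Option B: one release reached by success and failure alike. */
int dump_single(int send_fails)
{
    struct sinfo s = {0};
    if (start(&s, send_fails))
        return -1;
    free(s.link->pertid);
    free(s.link);
    return frees += 2;
}

int main(void) { return !(dump_clearing(1) == 2 && dump_single(1) == 2); }
```

Both functions return the number of `free()` calls performed, which is 2 on every path; building with `-fsanitize=address` confirms neither variant frees a pointer twice.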