From 405d8b3b1bff6df209af00d28a421a7dd5d7ae84 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 9 Aug 2017 10:50:29 -0700
Subject: [PATCH] 3.18-stable patches

added patches:
	wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
---
 queue-3.18/series                             |  1 +
 ...-data-in-iwe_stream_add_point-better.patch | 45 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 queue-3.18/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch

diff --git a/queue-3.18/series b/queue-3.18/series
index 4337b2b5692..f6870d45c4e 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -79,3 +79,4 @@ sctp-don-t-dereference-ptr-before-leaving-_sctp_walk_-params-errors.patch
 sctp-fix-the-check-for-_sctp_walk_params-and-_sctp_walk_errors.patch
 net-phy-correctly-process-phy_halted-in-phy_stop_machine.patch
 xen-netback-correctly-schedule-rate-limited-queues.patch
+wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
diff --git a/queue-3.18/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch b/queue-3.18/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
new file mode 100644
index 00000000000..429bb2e111a
--- /dev/null
+++ b/queue-3.18/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
@@ -0,0 +1,45 @@
+From 93be2b74279c15c2844684b1a027fdc71dd5d9bf Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 11 Jan 2017 15:35:25 +0100
+Subject: wext: handle NULL extra data in iwe_stream_add_point better
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 93be2b74279c15c2844684b1a027fdc71dd5d9bf upstream.
+
+gcc-7 complains that wl3501_cs passes NULL into a function that
+then uses the argument as the input for memcpy:
+
+drivers/net/wireless/wl3501_cs.c: In function 'wl3501_get_scan':
+include/net/iw_handler.h:559:3: error: argument 2 null where non-null expected [-Werror=nonnull]
+   memcpy(stream + point_len, extra, iwe->u.data.length);
+
+This works fine here because iwe->u.data.length is guaranteed to be 0
+and the memcpy doesn't actually have an effect.
+
+Making the length check explicit avoids the warning and should have
+no other effect here.
+
+Also check the pointer itself, since otherwise we get warnings
+elsewhere in the code.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/iw_handler.h |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/include/net/iw_handler.h
++++ b/include/net/iw_handler.h
+@@ -545,7 +545,8 @@ iwe_stream_add_point(struct iw_request_i
+ 		memcpy(stream + lcp_len,
+ 		       ((char *) &iwe->u) + IW_EV_POINT_OFF,
+ 		       IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN);
+-		memcpy(stream + point_len, extra, iwe->u.data.length);
++		if (iwe->u.data.length && extra)
++			memcpy(stream + point_len, extra, iwe->u.data.length);
+ 		stream += event_len;
+ 	}
+ 	return stream;
-- 
2.47.3