1 files changed, 11 insertions, 3 deletions

diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index 9a9d55b36dc3..a1e226652b4a 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -1580,6 +1580,12 @@ static int _wil_cfg80211_merge_extra_ies(const u8 *ies1, u16 ies1_len,
         u8 *buf, *dpos;
         const u8 *spos;
 
+        if (!ies1)
+                ies1_len = 0;
+
+        if (!ies2)
+                ies2_len = 0;
+
         if (ies1_len == 0 && ies2_len == 0) {
                 *merged_ies = NULL;
                 *merged_len = 0;
@@ -1589,17 +1595,19 @@ static int _wil_cfg80211_merge_extra_ies(const u8 *ies1, u16 ies1_len,
         buf = kmalloc(ies1_len + ies2_len, GFP_KERNEL);
         if (!buf)
                 return -ENOMEM;
-        memcpy(buf, ies1, ies1_len);
+        if (ies1)
+                memcpy(buf, ies1, ies1_len);
         dpos = buf + ies1_len;
         spos = ies2;
-        while (spos + 1 < ies2 + ies2_len) {
+        while (spos && (spos + 1 < ies2 + ies2_len)) {
                 /* IE tag at offset 0, length at offset 1 */
                 u16 ielen = 2 + spos[1];
 
                 if (spos + ielen > ies2 + ies2_len)
                         break;
                 if (spos[0] == WLAN_EID_VENDOR_SPECIFIC &&
-                    !_wil_cfg80211_find_ie(ies1, ies1_len, spos, ielen)) {
+                    (!ies1 || !_wil_cfg80211_find_ie(ies1, ies1_len,
+                                                     spos, ielen))) {
                         memcpy(dpos, spos, ielen);
                         dpos += ielen;
                 }