Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5c8443b7 authored by Manikandan Mohan's avatar Manikandan Mohan Committed by nshrivas
Browse files

qcacmn: Fix NULL pointer dereference in qdf_nbuf_free 

Move network buffer null check to beginning of function to
cover possible case of null pointer dereference during free.

Change-Id: I8c998d4d1711ab28c94a946d04314c26a4c74278
CRs-fixed: 2309452
parent 77998437

qdf/inc/qdf_nbuf.h

+2 −1
Original line number Diff line number Diff line
@@ -1189,6 +1189,7 @@ qdf_nbuf_alloc(qdf_device_t osdev, 


static inline void qdf_nbuf_free(qdf_nbuf_t buf)

{

	if (qdf_likely(buf))

		__qdf_nbuf_free(buf);

}

qdf/linux/src/qdf_nbuf.c

+6 −5
Original line number Diff line number Diff line
@@ -2661,15 +2661,16 @@ qdf_export_symbol(qdf_nbuf_alloc_debug); 


void qdf_nbuf_free_debug(qdf_nbuf_t nbuf, uint8_t *file, uint32_t line)

{

	if (qdf_unlikely(!nbuf))

		return;



	if (qdf_nbuf_is_tso(nbuf) && qdf_nbuf_get_users(nbuf) > 1)

		goto free_buf;



	/* Remove SKB from internal QDF tracking table */

	if (qdf_likely(nbuf)) {

	qdf_nbuf_panic_on_free_if_mapped(nbuf, file, line);

	qdf_net_buf_debug_delete_node(nbuf);

	qdf_nbuf_history_add(nbuf, file, line, QDF_NBUF_FREE);

	}



free_buf:

	__qdf_nbuf_free(nbuf);