Bluetooth: Fix invalid-free in bcsp_close() (03bf4876) · Commits · e / devices / android_kernel_xiaomi_nabu

drivers/bluetooth/hci_bcsp.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -606,6 +606,7 @@ static int bcsp_recv(struct hci_uart hu, const void data, int count)
		if (*ptr == 0xc0) {
		BT_ERR("Short BCSP packet");
		kfree_skb(bcsp->rx_skb);
		bcsp->rx_skb = NULL;
		bcsp->rx_state = BCSP_W4_PKT_START;
		bcsp->rx_count = 0;
		} else
		@@ -621,6 +622,7 @@ static int bcsp_recv(struct hci_uart hu, const void data, int count)
		bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
		BT_ERR("Error in BCSP hdr checksum");
		kfree_skb(bcsp->rx_skb);
		bcsp->rx_skb = NULL;
		bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
		bcsp->rx_count = 0;
		continue;
		@@ -645,6 +647,7 @@ static int bcsp_recv(struct hci_uart hu, const void data, int count)
		bscp_get_crc(bcsp));

		kfree_skb(bcsp->rx_skb);
		bcsp->rx_skb = NULL;
		bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
		bcsp->rx_count = 0;
		continue;