diff options
| author | jitiphil <jitiphil@codeaurora.org> | 2018-05-31 13:15:20 +0530 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2018-06-01 18:34:43 -0700 |
| commit | 3e793ff4e27991a8577f99b97f2d4a2a1a335cd7 (patch) | |
| tree | 311337e943fa8b46faf4d13956a3310bd3874b96 | |
| parent | 19fee33b1dfd6069fc970b552dc18d9d01a22d6d (diff) | |
qcacmn: NULL pointer dereference in htc_issue_packets()
Inside htc_issue_packets() if the HTC frame header
associated with a packet is NULL, a NULL pointer dereference
can occur.
Add check to verify that HTC frame header is not NULL before
dereferencing.
Change-Id: I4169035286b582a91e5963c20a11c8ad0f375d17
Crs-Fixed: 2232846
| -rw-r--r-- | htc/htc_send.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/htc/htc_send.c b/htc/htc_send.c index dffc74a736ea..c6d80c0949ac 100644 --- a/htc/htc_send.c +++ b/htc/htc_send.c @@ -607,7 +607,14 @@ static QDF_STATUS htc_issue_packets(HTC_TARGET *target, pHtcHdr = (HTC_FRAME_HDR *) qdf_nbuf_get_frag_vaddr(netbuf, 0); - AR_DEBUG_ASSERT(pHtcHdr); + if (qdf_unlikely(!pHtcHdr)) { + AR_DEBUG_PRINTF(ATH_DEBUG_ERR, + ("%s Invalid pHtcHdr\n", + __func__)); + AR_DEBUG_ASSERT(pHtcHdr); + status = QDF_STATUS_E_FAILURE; + break; + } HTC_WRITE32(pHtcHdr, SM(payloadLen, |