summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRajesh Chauhan <rajeshc@codeaurora.org>2017-10-08 16:10:59 -0700
committersnandini <snandini@codeaurora.org>2017-10-09 04:39:54 -0700
commitc99a1cf0f00c6cf852fb7fe1abda903e24bb5242 (patch)
tree2284f0b577be205f50dedfb2a2659e728c96b232
parent3d251e063a39a551356fb715c9103209f2a9aa76 (diff)
qcacld-3.0: Fix null pointer dereference in wma_scan_event_callback
Check for vdev id in wma_scan_event_callback is done before initializing wmi_event. Move this check after initialization of wmi_event. Change-Id: I091226979ce71274779d350b353fdd4d29040457 CRs-Fixed: 2122957
-rw-r--r--core/wma/src/wma_scan_roam.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 0ccdb8be8e8b..6aac284c497b 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -6113,13 +6113,14 @@ int wma_scan_event_callback(WMA_HANDLE handle, uint8_t *data,
uint8_t vdev_id;
uint32_t scan_id;
+ param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data;
+ wmi_event = param_buf->fixed_param;
+
if (wmi_event->vdev_id >= wma_handle->max_bssid) {
WMA_LOGE("Invalid vdev id from firmware");
return -EINVAL;
}
- param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data;
- wmi_event = param_buf->fixed_param;
vdev_id = wmi_event->vdev_id;
scan_id = wma_handle->interfaces[vdev_id].scan_info.scan_id;