qcacld-2.0: Fix potential double free in wma_log_supported_evt_handler

propagation from qcacld-3.0 to qcacld-2.0 In wma_log_supported_evt_handler, events_logs_list in wma handle is freed if previously allocated. If the num_of_diag_events_logs exceeds the max size, we exit from the function early without allocating memory for events_logs_list. This can result in potential double free scenario if we receive another DIAG_EVENT_LOG_SUPPORTED event from firmware. Fix is to set events_logs_list pointer to NULL after freeing memory. Change-Id: I9d6148dfc064d87e2947d1b5ec4492c08913dd4c CRs-Fixed: 2482603
author: Paul Zhang <paulz@codeaurora.org> 2019-07-04 10:47:20 +0800
committer: Paul Zhang <paulz@codeaurora.org> 2019-07-04 10:47:20 +0800
commit: fbcc8ccccc9456a3baf59e1d8158d844cb2df37c (patch)
tree: 706a05e60f2b4b80eee391f935d5673221d554be
parent: f66a9554da973ef80498e3f0a6547fa31a7b9872 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c
index 18a48f942f35..ecc48eead24f 100644
--- a/CORE/SERVICES/WMA/wma.c
+++ b/CORE/SERVICES/WMA/wma.c
@@ -23820,8 +23820,10 @@ static int wma_log_supported_evt_handler(void *handle,
 	}
 
 	/* Free any previous allocation */
-	if (wma->events_logs_list)
+	if (wma->events_logs_list) {
 		vos_mem_free(wma->events_logs_list);
+		wma->events_logs_list = NULL;
+	}
 
 	/* Store the event list for run time enable/disable */
 	wma->events_logs_list = vos_mem_malloc(num_of_diag_events_logs *
author	Paul Zhang <paulz@codeaurora.org>	2019-07-04 10:47:20 +0800
committer	Paul Zhang <paulz@codeaurora.org>	2019-07-04 10:47:20 +0800
commit	fbcc8ccccc9456a3baf59e1d8158d844cb2df37c (patch)
tree	706a05e60f2b4b80eee391f935d5673221d554be
parent	f66a9554da973ef80498e3f0a6547fa31a7b9872 (diff)