qcacld-3.0: Fix possible double free in lim_handle_delete_bss_rsp

When disconnect is issued from userspace, lim_del_bss is invoked
and vdev stop is sent to firmware. If sending vdev stop fails,
WMA_DELETE_BSS_RSP is posted with failure. If an SSR is
happening during this time, then cds_mc_thread is preempted, and
as part of the pld uevent vdev resp queue cleanup is done . In
this path, lim_process_sta_mlm_del_bss_rsp is called and
msg->bodyptr is freed and pe session is deleted. After pld
uevent execution, the delete bss response processing in
cds_mc_thread as part of user space disconnect resumes and tries
to free the msg->bodyptr again. This results in double free.
Set msg->bodyptr to NULL after freeing the memory.

Change-Id: I851a5ddcae47cffe450dffafa31570895620bd9c
CRs-Fixed: 2332677

0 files changed, 0 insertions, 0 deletions