qcacmn: NULL pointer dereference in free_htc_bundle_packet()
Inside free_htc_bundle_packet() if the HTC packet queue
associated with a packet is NULL, a NULL pointer dereference
can occur.
Add check to verify that HTC packet queue is not NULL before
dereferencing.
Change-Id: I1965a66de74b8954fdc59733e5ef86120f4f8898
Crs-Fixed: 2232839
diff --git a/htc/htc_send.c b/htc/htc_send.c
index d9a769f..baaed14 100644
--- a/htc/htc_send.c
+++ b/htc/htc_send.c
@@ -230,9 +230,13 @@
/* restore queue */
pQueueSave = (HTC_PACKET_QUEUE *) pPacket->pContext;
- AR_DEBUG_ASSERT(pQueueSave);
-
- INIT_HTC_PACKET_QUEUE(pQueueSave);
+ if (qdf_unlikely(!pQueueSave)) {
+ AR_DEBUG_PRINTF(ATH_DEBUG_ERR,
+ ("\n%s: Invalid pQueueSave in HTC Packet\n",
+ __func__));
+ AR_DEBUG_ASSERT(pQueueSave);
+ } else
+ INIT_HTC_PACKET_QUEUE(pQueueSave);
LOCK_HTC_TX(target);
if (target->pBundleFreeList == NULL) {
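Review bot: The new error branch at `if (qdf_unlikely(!pQueueSave))` only logs and asserts, then falls through to `LOCK_HTC_TX(target)` and the `pBundleFreeList` handling. If `AR_DEBUG_ASSERT` is a no-op in production builds, a packet whose `pContext` is NULL would presumably still be recycled as if it were healthy. Whether the code that later takes packets from that list re-checks `pContext` is not visible here, because the function body continues past the hunk; if it does not, the NULL dereference has only moved to the next user. Either state the intent with a comment such as `/* pContext is NULL: packet is still recycled below, consumers must re-check pContext */`, or keep such a packet off the free list. Separately, the braced `if` is paired with an unbraced `else`; writing `} else {` / `INIT_HTC_PACKET_QUEUE(pQueueSave);` / `}` keeps a later added statement from silently landing outside the branch.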