qcacld-3.0: add NULL check and drop rx indication for a frame
qcacld-2.0 to qcacld-3.0 propagation
Add a check to prevent a kernel NULL pointer dereference
when calling ol_rx_reorder_release.
Change-Id: If0367e0a7910d7ee460709fc8ae25ecc6de3485d
CRs-Fixed: 994435
diff --git a/core/dp/txrx/ol_rx_reorder.c b/core/dp/txrx/ol_rx_reorder.c
index 9711260..2572ccd 100644
--- a/core/dp/txrx/ol_rx_reorder.c
+++ b/core/dp/txrx/ol_rx_reorder.c
@@ -82,7 +82,6 @@
/*---*/
/* reorder array elements are known to be non-NULL */
-#define OL_RX_REORDER_PTR_CHECK(ptr) /* no-op */
#define OL_RX_REORDER_LIST_APPEND(head_msdu, tail_msdu, rx_reorder_array_elem) \
do { \
if (tail_msdu) { \
@@ -262,15 +261,14 @@
head_msdu = rx_reorder_array_elem->head;
tail_msdu = rx_reorder_array_elem->tail;
rx_reorder_array_elem->head = rx_reorder_array_elem->tail = NULL;
- OL_RX_REORDER_PTR_CHECK(head_msdu) {
+ if (head_msdu)
OL_RX_REORDER_MPDU_CNT_DECR(&peer->tids_rx_reorder[tid], 1);
- }
idx = (idx_start + 1);
OL_RX_REORDER_IDX_WRAP(idx, win_sz, win_sz_mask);
while (idx != idx_end) {
rx_reorder_array_elem = &peer->tids_rx_reorder[tid].array[idx];
- OL_RX_REORDER_PTR_CHECK(rx_reorder_array_elem->head) {
+ if (rx_reorder_array_elem->head) {
OL_RX_REORDER_MPDU_CNT_DECR(&peer->tids_rx_reorder[tid],
1);
OL_RX_REORDER_LIST_APPEND(head_msdu, tail_msdu,
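Review bot: With the checks now real, an empty first slot leaves `head_msdu` and `tail_msdu` NULL, and the visible start of `OL_RX_REORDER_LIST_APPEND` links only `if (tail_msdu)`, so frames found in later slots by the `while` loop may never join the list that the final `if (head_msdu)` hands on. The enclosing function, the rest of the loop body and the rest of the macro are outside this hunk, so this needs confirming; if the slot pointers are cleared there as they are for the first element, those buffers would be leaked on the receive path. If the frames are meant to be delivered, a line such as `if (!head_msdu) head_msdu = rx_reorder_array_elem->head;` before the append would start the list, and if the whole indication is meant to be dropped they should be freed explicitly. The first added check is also the only unbraced one of the three and guards a macro whose definition is not shown, so bracing it like the others is safer. The retained comment `/* reorder array elements are known to be non-NULL */` in the first hunk now contradicts the code and should be removed or reworded.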
@@ -282,7 +280,7 @@
idx++;
OL_RX_REORDER_IDX_WRAP(idx, win_sz, win_sz_mask);
}
- OL_RX_REORDER_PTR_CHECK(head_msdu) {
+ if (head_msdu) {
uint16_t seq_num;
htt_pdev_handle htt_pdev = vdev->pdev->htt_pdev;