qcacld-3.0: Rectify possible scenario of double free
Presently in the driver, in function hdd_objmgr_create_and_store_vdev
the vdev object is created and stored. In case the creation of the vdev
fails due to some reason, the corresponding error condition tries to
free the osif_priv pointer. This osif_free pointer is actually already
freed as a part of vdev_obj_delete -> vdev_release_ref -> vdev_obj_free.
As this is already freed, a possible double free scenario can occur in
the original error handling scenario.
To avoid this scenario, do not free the osif_priv pointer in the error
handling as it is already taken care in the caller.
Change-Id: I7fc7be187ce1e303c81da885a75c600a7b6c4b3e
CRs-Fixed: 2507432
diff --git a/core/hdd/src/wlan_hdd_object_manager.c b/core/hdd/src/wlan_hdd_object_manager.c
index c0bba06..4f8ddb8 100644
--- a/core/hdd/src/wlan_hdd_object_manager.c
+++ b/core/hdd/src/wlan_hdd_object_manager.c
@@ -257,7 +257,6 @@
if (!vdev) {
hdd_err("Failed to create vdev object");
errno = -ENOMEM;
- qdf_mem_free(osif_priv);
return errno;
}