qcacld-3.0: Possible NULL Pointer Dereference in wma_send_bcn_buf_ll

While handling the WMI_HOST_SWBA_EVENTID WMI FW event, the driver invokes
the corresponding wma handler, wma_beacon_swba_handler. The event argument
comes directly from the FW. Towards the end of the function,
wma_beacon_swba_handler invokes wma_send_bcn_buf_ll and passes the
original TLV structure, param_buf, as an argument. wma_send_bcn_buf_ll
pulls tim_info and p2p_noa_info from the param_buf structure. These
structures can be optionally defined in the message with zero length,
resulting in them being NULL pointers. Later, throughout the function,
they are then dereferenced without ever checking if they are in fact NULL.

Fix is to make sure that in wma_send_bcn_buf_ll, param_buf->tim_info and
param_buf->p2p_noa_info are dereferenced only after a NULL check.

Change-Id: Ic27b59dd35f74413e9a978627047855e655b9ed1
CRs-Fixed: 2331956
1 file changed
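
The pattern the commit message describes, as an added example that is not part of the commit or the driver: a TLV parser leaves an optional element NULL when it arrives with zero length, and the consumer checks both pointers before use. The record layout, tags, struct fields and the names parse_event and send_beacon are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tags and layouts for illustration; not the WMI definitions. */
enum { TAG_TIM = 1, TAG_NOA = 2 };
struct tim_info { uint8_t tim_len; };
struct noa_info { uint8_t num_desc; };
struct swba_params {
    struct tim_info tim_store; struct noa_info noa_store;
    const struct tim_info *tim; /* NULL when absent or zero length */
    const struct noa_info *noa; /* NULL when absent or zero length */
};

/* Walk [tag][len][value...] records; return -1 on truncated input. */
static int parse_event(const uint8_t *buf, size_t len, struct swba_params *p)
{
    size_t off = 0;
    memset(p, 0, sizeof(*p));
    while (off < len) {
        if (len - off < 2) return -1;
        uint8_t tag = buf[off], vlen = buf[off + 1];
        off += 2;
        if (vlen > len - off) return -1;
        if (tag == TAG_TIM && vlen >= sizeof(p->tim_store)) {
            memcpy(&p->tim_store, buf + off, sizeof(p->tim_store));
            p->tim = &p->tim_store;
        } else if (tag == TAG_NOA && vlen >= sizeof(p->noa_store)) {
            memcpy(&p->noa_store, buf + off, sizeof(p->noa_store));
            p->noa = &p->noa_store;
        }
        off += vlen;
    }
    return 0;
}

/* NULL-check both optional pointers first; returning -1 is this example's choice. */
static int send_beacon(const struct swba_params *p, uint8_t *tim_len_out)
{
    if (!p->tim || !p->noa) return -1;
    *tim_len_out = p->tim->tim_len;
    return p->noa->num_desc;
}

int main(void)
{
    const uint8_t ev[] = { TAG_TIM, 0, TAG_NOA, 1, 2 }; /* constructed input */
    struct swba_params p; uint8_t tim_len = 0;
    return parse_event(ev, sizeof(ev), &p) == 0 && send_beacon(&p, &tim_len) == -1 ? 0 : 1;
}
```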