
qcacld-3.0: Check bssid number before access bssid array

If trigger reassociate to same AP with LFR2.0 enabled,
csrNeighborRoamProfile.BSSIDs will not be updated like roaming to
different AP. So we will hit null pointer access when calling
csr_roam_issue_disassociate() in this scenario if reassociate failed.

Check numOfBSSIDs before accessing the array pointer BSSIDs.bssid; if it
is 0, we are reassociating to the same AP, so the disassociate must be
sent to the connected bssid.

Change-Id: I06bac328a164432d6cc425b907a4ca29a78ca306
CRs-Fixed: 2765251
Will Huang 4 лет назад
Родитель
Сommit
01c4ce799f
1 измененных файлов с 9 добавлено и 7 удалено
  1. 9 7
      core/sme/src/csr/csr_api_roam.c

+ 9 - 7
core/sme/src/csr/csr_api_roam.c

@@ -523,6 +523,7 @@ csr_roam_issue_disassociate(struct mac_context *mac, uint32_t sessionId,
 	struct qdf_mac_addr bssId = QDF_MAC_ADDR_BCAST_INIT;
 	uint16_t reasonCode;
 	struct csr_roam_session *pSession = CSR_GET_SESSION(mac, sessionId);
+	tpCsrNeighborRoamControlInfo p_nbr_roam_info;
 
 	if (!pSession) {
 		sme_err("session %d not found", sessionId);
@@ -541,13 +542,14 @@ csr_roam_issue_disassociate(struct mac_context *mac, uint32_t sessionId,
 	} else {
 		reasonCode = eSIR_MAC_UNSPEC_FAILURE_REASON;
 	}
-	if ((csr_roam_is_handoff_in_progress(mac, sessionId)) &&
-	    (NewSubstate != eCSR_ROAM_SUBSTATE_DISASSOC_HANDOFF)) {
-		tpCsrNeighborRoamControlInfo pNeighborRoamInfo =
-			&mac->roam.neighborRoamInfo[sessionId];
-		qdf_copy_macaddr(&bssId,
-			      pNeighborRoamInfo->csrNeighborRoamProfile.BSSIDs.
-			      bssid);
+
+	p_nbr_roam_info = &mac->roam.neighborRoamInfo[sessionId];
+	if (csr_roam_is_handoff_in_progress(mac, sessionId) &&
+	    NewSubstate != eCSR_ROAM_SUBSTATE_DISASSOC_HANDOFF &&
+	    p_nbr_roam_info->csrNeighborRoamProfile.BSSIDs.numOfBSSIDs) {
+		qdf_copy_macaddr(
+			&bssId,
+			p_nbr_roam_info->csrNeighborRoamProfile.BSSIDs.bssid);
 	} else if (pSession->pConnectBssDesc) {
 		qdf_mem_copy(&bssId.bytes, pSession->pConnectBssDesc->bssId,
 			     sizeof(struct qdf_mac_addr));
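Review bot: The new guard in the `if` condition tests `BSSIDs.numOfBSSIDs`, but the value passed to qdf_copy_macaddr() is the `BSSIDs.bssid` pointer. The null dereference described in the commit message is therefore only prevented if the count and the pointer are always updated together, which nothing in this hunk shows. Testing the pointer as well would make the guard hold even if they drift apart: add `p_nbr_roam_info->csrNeighborRoamProfile.BSSIDs.bssid` as a further `&&` term. A short comment above the condition would also help the next reader, e.g. `/* numOfBSSIDs == 0: reassoc to the same AP, so disassociate from the connected BSSID below */`. csr_roam_issue_disassociate() starts and ends outside the hunk, so what happens when neither branch sets bssId (it stays at the broadcast initialiser) cannot be judged from here.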