samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Fix NULL pointer dereference in qdf_nbuf_free

Browse Source 
Move network buffer null check to beginning of function to
cover possible case of null pointer dereference during free.

Change-Id: I8c998d4d1711ab28c94a946d04314c26a4c74278
CRs-fixed: 2309452
This commit is contained in:
Manikandan Mohan
2018-09-11 11:23:51 -07:00
committed by nshrivas
parent 8a32229408
commit 33cfb578b0
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
qdf/inc/qdf_nbuf.h
View File

@@ -1336,7 +1336,8 @@ qdf_nbuf_alloc_fl(qdf_device_t osdev, qdf_size_t size, int reserve, int align,
static inline void qdf_nbuf_free(qdf_nbuf_t buf) static inline void qdf_nbuf_free(qdf_nbuf_t buf)
{ {
__qdf_nbuf_free(buf); if (qdf_likely(buf))
__qdf_nbuf_free(buf);
} }
/** /**

11
qdf/linux/src/qdf_nbuf.c
View File

@@ -2652,15 +2652,16 @@ qdf_export_symbol(qdf_nbuf_alloc_debug);
void qdf_nbuf_free_debug(qdf_nbuf_t nbuf, uint8_t *file, uint32_t line) void qdf_nbuf_free_debug(qdf_nbuf_t nbuf, uint8_t *file, uint32_t line)
{ {
if (qdf_unlikely(!nbuf))
return;
if (qdf_nbuf_is_tso(nbuf) && qdf_nbuf_get_users(nbuf) > 1) if (qdf_nbuf_is_tso(nbuf) && qdf_nbuf_get_users(nbuf) > 1)
goto free_buf; goto free_buf;
/* Remove SKB from internal QDF tracking table */ /* Remove SKB from internal QDF tracking table */
if (qdf_likely(nbuf)) { qdf_nbuf_panic_on_free_if_mapped(nbuf, file, line);
qdf_nbuf_panic_on_free_if_mapped(nbuf, file, line); qdf_net_buf_debug_delete_node(nbuf);
qdf_net_buf_debug_delete_node(nbuf); qdf_nbuf_history_add(nbuf, file, line, QDF_NBUF_FREE);
qdf_nbuf_history_add(nbuf, file, line, QDF_NBUF_FREE);
}
free_buf: free_buf:
__qdf_nbuf_free(nbuf); __qdf_nbuf_free(nbuf);