qcacmn: Fix use-after-freed when sending WMI command to FW
Using a buffer after passing it to wmi_unified_cmd_send() induces a race condition that may result in a use-after-freed situation. Fix several potential use-after-freed situations when calling wmi_unified_cmd_send() by ensuring all access to a buffer is done before the call to wmi_unified_cmd_send(). Change-Id: I985aad6e49daf1d823e3751a9cb0a293a298323c CRs-Fixed: 1089713
This commit is contained in:
Dustin Brown
@@ -1738,6 +1738,8 @@ static bool wmi_is_pm_resume_cmd(uint32_t cmd_id)
|
||||
* @len: wmi buffer length
|
||||
* @cmd_id: wmi command id
|
||||
*
|
||||
* Note, it is NOT safe to access buf after calling this function!
|
||||
*
|
||||
* Return: 0 on success
|
||||
*/
|
||||
QDF_STATUS wmi_unified_cmd_send(wmi_unified_t wmi_handle, wmi_buf_t buf,
|
||||
|
||||
مرجع در شماره جدید
Block a user