qcacmn: Fix a double free crash

The atomic flag 'mem_struct->in_use' should be accessed only after
a sanity check for 'mem_struct' in the function qdf_mem_free(). There is
a possibility that a double free can cause panic before the debug
logic kicks in.

Change-Id: I162b7e72e0f28f8808a7ae56efabb6620d17a6bd
CRs-Fixed: 2073968

qdf/linux/src/qdf_mem.c

@@ -1082,8 +1082,6 @@ void qdf_mem_free(void *ptr)
 	if (qdf_mem_prealloc_put(ptr))
 		return;
 
-	if (!qdf_atomic_dec_and_test(&mem_struct->in_use))
-		return;
 
 	qdf_spin_lock_irqsave(&qdf_mem_list_lock);
 
@@ -1113,6 +1111,11 @@ void qdf_mem_free(void *ptr)
 			&WLAN_MEM_TAIL[0], sizeof(WLAN_MEM_TAIL)))
 		goto error;
 
+	if (!qdf_atomic_dec_and_test(&mem_struct->in_use)) {
+		qdf_spin_unlock_irqrestore(&qdf_mem_list_lock);
+		return;
+	}
+
 	/*
 	 * make the node an empty list before doing the spin unlock
 	 * The empty list check will guarantee that we avoid a race condition.