qcacmn: NULL pointer dereference in htc_issue_packets()

Inside htc_issue_packets() if the HTC frame header associated with a packet is NULL, a NULL pointer dereference can occur. Add check to verify that HTC frame header is not NULL before dereferencing. Change-Id: I4169035286b582a91e5963c20a11c8ad0f375d17 Crs-Fixed: 2232846
2018-05-31 13:15:20 +05:30
--- a/htc/htc_send.c
+++ b/htc/htc_send.c
@@ -544,7 +544,14 @@ static QDF_STATUS htc_issue_packets(HTC_TARGET *target,

 			pHtcHdr = (HTC_FRAME_HDR *)
 				qdf_nbuf_get_frag_vaddr(netbuf, 0);
-			AR_DEBUG_ASSERT(pHtcHdr);
+			if (qdf_unlikely(!pHtcHdr)) {
+				AR_DEBUG_PRINTF(ATH_DEBUG_ERR,
+						("%s Invalid pHtcHdr\n",
+						 __func__));
+				AR_DEBUG_ASSERT(pHtcHdr);
+				status = QDF_STATUS_E_FAILURE;
+				break;
+			}

 			HTC_WRITE32(pHtcHdr,
 					SM(payloadLen,