qcacmn: Add check to avoid NULL pointer dereference in parse MBSSID

In a malformed beacon frame, a NULL pointer may be dereferenced while
parsing the MBSSID IE in util_scan_parse_mbssid, which will lead to a crash.

Add a check in util_scan_parse_mbssid for split_prof_start before
passing it to util_gen_new_ie, and assign zero to split_prof_len
whenever split_prof_start is freed, to avoid unanticipated scenarios.

Change-Id: Ibb9739d6b5d1775ab52d59f9aa5050ca693cd926
CRs-Fixed: 3717571
Krupali Dhanvijay
2024-03-18 20:34:36 +05:30
committed by Ravindra Konda
parent ba7f3371ee
commit 77cebf7083


@@ -3605,6 +3605,8 @@ static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
}
if (mbssid_info.split_prof_continue) {
if (!split_prof_start)
break;
nontx_profile = split_prof_start;
subie_len = split_prof_len;
} else {
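Review bot: The new "if (!split_prof_start) break;" at the top of the split_prof_continue branch leaves the loop without any log line, so a frame that sets the continuation flag with no saved first fragment is dropped silently. Add a debug message before the break and a short comment stating that abandoning the remaining subelements is intended. The guard also covers only the pointer; since the next line takes subie_len from split_prof_len, checking that the length is non-zero in the same condition would keep both values consistent.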
@@ -3623,6 +3625,7 @@ static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
qdf_mem_free(split_prof_start);
split_prof_start = NULL;
split_prof_end = NULL;
split_prof_len = 0;
}
continue;
}
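Review bot: In this cleanup path before "continue", split_prof_start is freed and the pointers and length are reset, but the visible lines do not clear mbssid_info.split_prof_continue, unlike the later path that calls qdf_mem_zero(&mbssid_info, sizeof(mbssid_info)). If the flag can still be set on the next iteration, the loop reaches the new NULL check and breaks out of parsing; confirm that this is intended, or clear the flag here as well.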
@@ -3693,6 +3696,7 @@ static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
qdf_mem_free(split_prof_start);
split_prof_start = NULL;
split_prof_end = NULL;
split_prof_len = 0;
qdf_mem_zero(&mbssid_info,
sizeof(mbssid_info));
}
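Review bot: The reset sequence here (qdf_mem_free, two NULL assignments, split_prof_len = 0) now appears in three places in util_scan_parse_mbssid, and the length reset had to be added to each copy separately. Consider moving it into a small static helper so the pointer and the length are always cleared together and a future cleanup path cannot omit one of them.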
@@ -3707,6 +3711,7 @@ static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
qdf_mem_free(split_prof_start);
split_prof_start = NULL;
split_prof_end = NULL;
split_prof_len = 0;
}
qdf_mem_free(new_frame);
}