From 7f171abb04a0823994107a380c7ea62b610caa3e Mon Sep 17 00:00:00 2001 From: Yun Park Date: Fri, 29 Jul 2016 15:44:22 -0700 Subject: [PATCH] qcacld-3.0: Fix potential NULL dereference in ol_txrx_ipa_uc_get_resource Pointer 'cds_get_context(QDF_MODULE_ID_TXRX)' returned from call to function ol_txrx_ipa_uc_get_resource may be NULL and will be dereferenced. The fix is to check if cds_get_context is not NULL before passing it to ol_txrx_ipa_uc_get_resource. Change-Id: Idbb69bcbef6cb54df334c30419dc0f7015466f28 CRs-Fixed: 1042048 --- core/hdd/src/wlan_hdd_ipa.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/core/hdd/src/wlan_hdd_ipa.c b/core/hdd/src/wlan_hdd_ipa.c index 5f9f30ab14..87ae722f57 100644 --- a/core/hdd/src/wlan_hdd_ipa.c +++ b/core/hdd/src/wlan_hdd_ipa.c @@ -3991,10 +3991,16 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx) struct hdd_ipa_priv *hdd_ipa = NULL; int ret, i; struct hdd_ipa_iface_context *iface_context = NULL; + struct ol_txrx_pdev_t *pdev = cds_get_context(QDF_MODULE_ID_TXRX); if (!hdd_ipa_is_enabled(hdd_ctx)) return QDF_STATUS_SUCCESS; + if (!pdev) { + HDD_IPA_LOG(QDF_TRACE_LEVEL_FATAL, "pdev is NULL"); + goto fail_return; + } + hdd_ipa = qdf_mem_malloc(sizeof(*hdd_ipa)); if (!hdd_ipa) { HDD_IPA_LOG(QDF_TRACE_LEVEL_FATAL, "hdd_ipa allocation failed"); @@ -4005,8 +4011,7 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx) ghdd_ipa = hdd_ipa; hdd_ipa->hdd_ctx = hdd_ctx; hdd_ipa->num_iface = 0; - ol_txrx_ipa_uc_get_resource(cds_get_context(QDF_MODULE_ID_TXRX), - &hdd_ipa->ipa_resource); + ol_txrx_ipa_uc_get_resource(pdev, &hdd_ipa->ipa_resource); if ((0 == hdd_ipa->ipa_resource.ce_sr_base_paddr) || (0 == hdd_ipa->ipa_resource.tx_comp_ring_base_paddr) || (0 == hdd_ipa->ipa_resource.rx_rdy_ring_base_paddr) ||