Selaa lähdekoodia

qcacld-3.0: Fix potential NULL dereference in ol_txrx_ipa_uc_get_resource

Pointer 'cds_get_context(QDF_MODULE_ID_TXRX)' returned from call to
function ol_txrx_ipa_uc_get_resource may be NULL and will be
dereferenced.
The fix is to check if cds_get_context is not NULL before passing it
to ol_txrx_ipa_uc_get_resource.

Change-Id: Idbb69bcbef6cb54df334c30419dc0f7015466f28
CRs-Fixed: 1042048
Yun Park 9 vuotta sitten
vanhempi
sitoutus
7f171abb04
1 muutettua tiedostoa jossa 7 lisäystä ja 2 poistoa
  1. 7 2
      core/hdd/src/wlan_hdd_ipa.c

+ 7 - 2
core/hdd/src/wlan_hdd_ipa.c

@@ -3991,10 +3991,16 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx)
 	struct hdd_ipa_priv *hdd_ipa = NULL;
 	int ret, i;
 	struct hdd_ipa_iface_context *iface_context = NULL;
+	struct ol_txrx_pdev_t *pdev = cds_get_context(QDF_MODULE_ID_TXRX);
 
 	if (!hdd_ipa_is_enabled(hdd_ctx))
 		return QDF_STATUS_SUCCESS;
 
+	if (!pdev) {
+		HDD_IPA_LOG(QDF_TRACE_LEVEL_FATAL, "pdev is NULL");
+		goto fail_return;
+	}
+
 	hdd_ipa = qdf_mem_malloc(sizeof(*hdd_ipa));
 	if (!hdd_ipa) {
 		HDD_IPA_LOG(QDF_TRACE_LEVEL_FATAL, "hdd_ipa allocation failed");
@@ -4005,8 +4011,7 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx)
 	ghdd_ipa = hdd_ipa;
 	hdd_ipa->hdd_ctx = hdd_ctx;
 	hdd_ipa->num_iface = 0;
-	ol_txrx_ipa_uc_get_resource(cds_get_context(QDF_MODULE_ID_TXRX),
-				&hdd_ipa->ipa_resource);
+	ol_txrx_ipa_uc_get_resource(pdev, &hdd_ipa->ipa_resource);
 	if ((0 == hdd_ipa->ipa_resource.ce_sr_base_paddr) ||
 	    (0 == hdd_ipa->ipa_resource.tx_comp_ring_base_paddr) ||
 	    (0 == hdd_ipa->ipa_resource.rx_rdy_ring_base_paddr) ||