首页 发现 帮助
登录
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

qcacmn: Avoid possible use-after-free in wlan_objmgr_vdev_obj_create

There is use-after-free of vdev object in wlan_objmgr_vdev_obj_create
wherein vdevid is being accessed to log the create failure after the
vdev is freed.

To resolve the issue, Log the error with vdev_id before freeing the
vdev

Change-Id: Ia509f90cd2219f657ecdecbfb26d397daa3beda6
CRs-Fixed: 2559556
Arun Kumar Khandavalli 5 年之前
父节点
244eeac730
当前提交
95b3c1a9a2
共有 1 个文件被更改,包括 1 次插入1 次删除
分列视图 显示文件统计
  1. 1 1
      umac/cmn_services/obj_mgr/src/wlan_objmgr_vdev_obj.c

+ 1 - 1
umac/cmn_services/obj_mgr/src/wlan_objmgr_vdev_obj.c
查看文件 

@@ -246,9 +246,9 @@ struct wlan_objmgr_vdev *wlan_objmgr_vdev_obj_create(
 
 	/* Component object failed to be created, clean up the object */
 
 	} else if (obj_status == QDF_STATUS_E_FAILURE) {
 
 		/* Clean up the psoc */
 
-		wlan_objmgr_vdev_obj_delete(vdev);
 
 		obj_mgr_err("VDEV comp objects creation failed for vdev-id:%d",
 
 			vdev->vdev_objmgr.vdev_id);
 
+		wlan_objmgr_vdev_obj_delete(vdev);
 
 		/*
 
 		 * Set params osifp to NULL as it is freed during vdev obj
 
 		 * delete, This prevents caller from performing double free.