From a0805fb4d04565376e8fcaeabab774a0714322a3 Mon Sep 17 00:00:00 2001 From: aloksing Date: Fri, 2 Jun 2023 14:39:56 +0530 Subject: [PATCH] qcacmn: Fix double free of frags When decap type is invalid, freeing nbuf and while next monitor buffer tlv picking last nbuf from queue. which has allocated frags and valid data. expecting MPDU END TLV for previous mpdu before monitor buffer tlv to allocate new nbuf. Set rx_hdr_rcvd to false when we receive invalid decap type. CRs-Fixed: 3503694 Change-Id: I97ede9e52df580769b78afc767ba9528914b3ea5 --- dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c b/dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c index 097fdcf9d0..832db0b734 100644 --- a/dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c +++ b/dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c @@ -1600,6 +1600,7 @@ uint8_t dp_rx_mon_process_tlv_status(struct dp_pdev *pdev, dp_mon_err("Decap type invalid"); qdf_assert_always(0); } + ppdu_info->rx_hdr_rcvd[user_id] = false; return num_buf_reaped; }