From b13cd6fade166d20b227dc844e1bc935a31e6502 Mon Sep 17 00:00:00 2001
From: Deeksha Gupta
Date: Wed, 25 Aug 2021 15:57:25 +0530
Subject: [PATCH] qcacld-3.0: Check for valid vdev_id in wma_is_roam_in_progress
When kickout event is received from firmware, the function wma_is_roam_in_progress is called to check the roaming in progress using vdev_id . Vdev_id needs to be checked for valid vdev_id prior to derefencing it.
Change-Id: Ib56895ad73b5dcefe7a0b9f65089306bf42d78eb
CRs-Fixed: 3020665
---
 core/wma/src/wma_data.c | 3 +++
 core/wma/src/wma_mgmt.c | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/core/wma/src/wma_data.c b/core/wma/src/wma_data.c
index 31a8b1e15b..0cb2cf23a2 100644
--- a/core/wma/src/wma_data.c
+++ b/core/wma/src/wma_data.c
@@ -3168,6 +3168,9 @@ bool wma_is_roam_in_progress(uint32_t vdev_id)
 tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
 enum QDF_OPMODE opmode;
+ if (!wma_is_vdev_valid(vdev_id))
+ return false;
+
 if (!wma || !wma->interfaces[vdev_id].vdev)
 return false;
diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c
index 60a1b8d3a1..0a61f29aac 100644
--- a/core/wma/src/wma_mgmt.c
+++ b/core/wma/src/wma_mgmt.c
@@ -344,6 +344,10 @@ int wma_peer_sta_kickout_event_handler(void *handle, uint8_t *event,
 QDF_MAC_ADDR_REF(macaddr));
 return -EINVAL;
 }
+
+ if (!wma_is_vdev_valid(vdev_id))
+ return -EINVAL;
+
 vdev = wma->interfaces[vdev_id].vdev;
 if (!vdev) {
 wma_err("Not able to find vdev for VDEV_%d", vdev_id);
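Review bot: The new guard in wma_is_roam_in_progress() sits ahead of the existing `!wma` NULL check and depends entirely on wma_is_vdev_valid(), whose body is not part of this patch, to bound vdev_id before `wma->interfaces[vdev_id]` is indexed. If that helper reads a per-interface flag without first comparing vdev_id against the array size, the out-of-range read this commit targets would only move into the helper, so that ordering is worth confirming. A short comment above the check would record the intent, for example `/* vdev_id can come from a firmware event; reject it before indexing wma->interfaces[] */`. The function body starts and continues outside the hunk.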
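Review bot: The added check in wma_peer_sta_kickout_event_handler() returns -EINVAL without logging, unlike the error paths directly before and after it, so a kickout event carrying an invalid vdev_id is dropped with no trace for whoever later triages firmware misbehaviour. I would log the rejected value, e.g. `if (!wma_is_vdev_valid(vdev_id)) {` `wma_err("Invalid vdev_id %d in kickout event", vdev_id);` `return -EINVAL; }`, rate-limited if the driver has a helper for that, since the event source is outside the host's control. The same silent return is added in the wma_data.c hunk, though a lower log level may suit that query-style function. Where vdev_id is assigned lies above this hunk, so whether it is already used before the new check cannot be confirmed from here.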