qcacmn: Fix null pointer dereferenc in __htc_send_pkt

In __htc_send_pkt, pointer is checked against null but then
dereferenced later.
Fix it by checking null before dereference it.

Change-Id: I8a0dcfccbe458f5b85b8c930eb9685a75b64829b
CRs-Fixed: 2232835

htc/htc_send.c

@@ -1358,7 +1358,7 @@ static inline QDF_STATUS __htc_send_pkt(HTC_HANDLE HTCHandle,
 	HTC_ENDPOINT *pEndpoint;
 	HTC_PACKET_QUEUE pPktQueue;
 	qdf_nbuf_t netbuf;
-	HTC_FRAME_HDR *pHtcHdr;
+	HTC_FRAME_HDR *htc_hdr;
 	QDF_STATUS status;
 
 	AR_DEBUG_PRINTF(ATH_DEBUG_SEND,
@@ -1397,12 +1397,17 @@ static inline QDF_STATUS __htc_send_pkt(HTC_HANDLE HTCHandle,
 	/* provide room in each packet's netbuf for the HTC frame header */
 	netbuf = GET_HTC_PACKET_NET_BUF_CONTEXT(pPacket);
 	AR_DEBUG_ASSERT(netbuf);
+	if (!netbuf)
+		return QDF_STATUS_E_INVAL;
 
 	qdf_nbuf_push_head(netbuf, sizeof(HTC_FRAME_HDR));
 	/* setup HTC frame header */
-	pHtcHdr = (HTC_FRAME_HDR *) qdf_nbuf_get_frag_vaddr(netbuf, 0);
-	AR_DEBUG_ASSERT(pHtcHdr);
-	HTC_WRITE32(pHtcHdr,
+	htc_hdr = (HTC_FRAME_HDR *)qdf_nbuf_get_frag_vaddr(netbuf, 0);
+	AR_DEBUG_ASSERT(htc_hdr);
+	if (!htc_hdr)
+		return QDF_STATUS_E_INVAL;
+
+	HTC_WRITE32(htc_hdr,
 		    SM(pPacket->ActualLength,
 		       HTC_FRAME_HDR_PAYLOADLEN) |
 		    SM(pPacket->Endpoint,
@@ -1412,7 +1417,7 @@ static inline QDF_STATUS __htc_send_pkt(HTC_HANDLE HTCHandle,
 	pPacket->PktInfo.AsTx.SeqNo = pEndpoint->SeqNo;
 	pEndpoint->SeqNo++;
 
-	HTC_WRITE32(((uint32_t *) pHtcHdr) + 1,
+	HTC_WRITE32(((uint32_t *)htc_hdr) + 1,
 		    SM(pPacket->PktInfo.AsTx.SeqNo,
 		       HTC_FRAME_HDR_CONTROLBYTES1));