From c67478f0d7387343f3a46f4e5baf2b56567c347c Mon Sep 17 00:00:00 2001 From: Harprit Chhabada Date: Tue, 9 Apr 2019 11:39:22 -0700 Subject: [PATCH] qcacld-3.0: Null check while calling md_host_evt_cb wma_motion_det_host_event_handler() get called when FW sent WMI_MOTION_DET_HOST_EVENTID message. After the initial processing, pmac->sme.md_host_evt_cb() is called to send the relevant data back up to the upper layers of WLAN. Since this callback function is dynamically registered there are cases where it might not be registered before this FW event is received, resulting in a NULL pointer dereference. Change-Id: I06b7907b39f4da0837196ccf377ecc2da325be8c CRs-Fixed: 2428803 --- core/wma/src/wma_main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/wma/src/wma_main.c b/core/wma/src/wma_main.c index 527bac1fee..8555a97c57 100644 --- a/core/wma/src/wma_main.c +++ b/core/wma/src/wma_main.c @@ -8018,6 +8018,11 @@ int wma_motion_det_host_event_handler(void *handle, uint8_t *event, return -EINVAL; } + if (!pmac || !pmac->sme.md_host_evt_cb) { + WMA_LOGE("Invalid motion detect callback"); + return -EINVAL; + } + motion_det_event_hdr = param_buf->fixed_param; WMA_LOGA("motion detect host event received, vdev_id=%d, status=%d", motion_det_event_hdr->vdev_id, motion_det_event_hdr->status);