qcacmn: fix a potential access after free
Once the wmi command is sent to the FW, a sequence of events (deletion of peer and sending of unmap messages to host) happens on FW. This could potentially make a subsequent access to peer_addr an access after the object is freed. Indeed, a crash instance of such a case has been reported. Fix this by moving the print command before the actual wmi command send. Change-Id: I5a0d19b9b4a09687d5513acc52139a73b8490512 CRs-Fixed: 1108700

committed by
qcabuildsw

parent
33bb714364
commit
c8d1c4bccf
@@ -499,12 +499,12 @@ QDF_STATUS send_peer_delete_cmd_tlv(wmi_unified_t wmi,
|
||||
WMI_CHAR_ARRAY_TO_MAC_ADDR(peer_addr, &cmd->peer_macaddr);
|
||||
cmd->vdev_id = vdev_id;
|
||||
|
||||
WMI_LOGD("%s: peer_addr %pM vdev_id %d", __func__, peer_addr, vdev_id);
|
||||
if (wmi_unified_cmd_send(wmi, buf, len, WMI_PEER_DELETE_CMDID)) {
|
||||
WMI_LOGP("%s: Failed to send peer delete command", __func__);
|
||||
wmi_buf_free(buf);
|
||||
return QDF_STATUS_E_FAILURE;
|
||||
}
|
||||
WMI_LOGD("%s: peer_addr %pM vdev_id %d", __func__, peer_addr, vdev_id);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
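Review bot: Nothing in the function records that `peer_addr` must not be read once `wmi_unified_cmd_send()` has succeeded, so the fix rests on statement order alone and a later edit could put a log or copy back below the send. A comment above the moved `WMI_LOGD` would pin the constraint: `/* peer_addr may be freed once FW handles the delete; do not use it after wmi_unified_cmd_send() */`. The hunk does not show who owns the memory behind `peer_addr`, so it is worth checking whether callers touch the peer after this function returns, since the same window would presumably apply there. Separately, the success path ends in `return 0;` while the failure path returns `QDF_STATUS_E_FAILURE`; `return QDF_STATUS_SUCCESS;` would match the declared return type. The function body starts above the hunk.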