[DTV00857290][[DTV][Coverity Scanned Code Defect] 15367: Out-of-bounds write]
[Description]
Fix
cid 361761, 361762 "Dereference before null check" in p2p_dev_fsm.c
Change-Id: I8984c21157712670b79f7f1eaa2887c5495c32e8
Signed-off-by: Danny Wu <danny.wu@mediatek.com>
CR-Id: DTV00857290
(cherry picked from commit 36fe728b5510d58ac98cb59eb91f0f6742382e25)
diff --git a/mgmt/p2p_dev_fsm.c b/mgmt/p2p_dev_fsm.c
index 279f11b..0e8c855 100644
--- a/mgmt/p2p_dev_fsm.c
+++ b/mgmt/p2p_dev_fsm.c
@@ -90,34 +90,35 @@
prP2pBssInfo = cnmGetBssInfoAndInit(prAdapter, NETWORK_TYPE_P2P, TRUE);
- COPY_MAC_ADDR(prP2pBssInfo->aucOwnMacAddr, prAdapter->rMyMacAddr);
- prP2pBssInfo->aucOwnMacAddr[0] ^= 0x2; /* change to local administrated address */
+ if (prP2pBssInfo != NULL) {
+ COPY_MAC_ADDR(prP2pBssInfo->aucOwnMacAddr, prAdapter->rMyMacAddr);
+ prP2pBssInfo->aucOwnMacAddr[0] ^= 0x2; /* change to local administrated address */
- prP2pDevFsmInfo->ucBssIndex = prP2pBssInfo->ucBssIndex;
+ prP2pDevFsmInfo->ucBssIndex = prP2pBssInfo->ucBssIndex;
- prP2pBssInfo->eCurrentOPMode = OP_MODE_P2P_DEVICE;
- prP2pBssInfo->ucConfigAdHocAPMode = AP_MODE_11G_P2P;
- prP2pBssInfo->u2HwDefaultFixedRateCode = RATE_OFDM_6M;
+ prP2pBssInfo->eCurrentOPMode = OP_MODE_P2P_DEVICE;
+ prP2pBssInfo->ucConfigAdHocAPMode = AP_MODE_11G_P2P;
+ prP2pBssInfo->u2HwDefaultFixedRateCode = RATE_OFDM_6M;
- prP2pBssInfo->eBand = BAND_2G4;
- prP2pBssInfo->eDBDCBand = ENUM_BAND_0;
- prP2pBssInfo->ucWmmQueSet = DBDC_2G_WMM_INDEX;
+ prP2pBssInfo->eBand = BAND_2G4;
+ prP2pBssInfo->eDBDCBand = ENUM_BAND_0;
+ prP2pBssInfo->ucWmmQueSet = DBDC_2G_WMM_INDEX;
- prP2pBssInfo->ucPhyTypeSet = prAdapter->rWifiVar.ucAvailablePhyTypeSet & PHY_TYPE_SET_802_11GN;
+ prP2pBssInfo->ucPhyTypeSet = prAdapter->rWifiVar.ucAvailablePhyTypeSet & PHY_TYPE_SET_802_11GN;
- prP2pBssInfo->ucNonHTBasicPhyType = (UINT_8)
- rNonHTApModeAttributes[prP2pBssInfo->ucConfigAdHocAPMode].ePhyTypeIndex;
- prP2pBssInfo->u2BSSBasicRateSet =
- rNonHTApModeAttributes[prP2pBssInfo->ucConfigAdHocAPMode].u2BSSBasicRateSet;
+ prP2pBssInfo->ucNonHTBasicPhyType = (UINT_8)
+ rNonHTApModeAttributes[prP2pBssInfo->ucConfigAdHocAPMode].ePhyTypeIndex;
+ prP2pBssInfo->u2BSSBasicRateSet =
+ rNonHTApModeAttributes[prP2pBssInfo->ucConfigAdHocAPMode].u2BSSBasicRateSet;
- prP2pBssInfo->u2OperationalRateSet =
- rNonHTPhyAttributes[prP2pBssInfo->ucNonHTBasicPhyType].u2SupportedRateSet;
- prP2pBssInfo->u4PrivateData = 0;/* TH3 Huang */
+ prP2pBssInfo->u2OperationalRateSet =
+ rNonHTPhyAttributes[prP2pBssInfo->ucNonHTBasicPhyType].u2SupportedRateSet;
+ prP2pBssInfo->u4PrivateData = 0;/* TH3 Huang */
- rateGetDataRatesFromRateSet(prP2pBssInfo->u2OperationalRateSet,
+ rateGetDataRatesFromRateSet(prP2pBssInfo->u2OperationalRateSet,
prP2pBssInfo->u2BSSBasicRateSet,
prP2pBssInfo->aucAllSupportedRates, &prP2pBssInfo->ucAllSupportedRatesLen);
-
+ }
prP2pChnlReqInfo = &prP2pDevFsmInfo->rChnlReqInfo;
LINK_INITIALIZE(&prP2pChnlReqInfo->rP2pChnlReqLink);
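Review bot: When cnmGetBssInfoAndInit() returns NULL, the new guard skips the BSS setup but execution falls through to the channel-request initialization at the end of the hunk, so prP2pDevFsmInfo->ucBssIndex is left at whatever value it previously held and the device FSM comes up half-initialized with no signal to the caller. A NULL here means no BSS slot was available, which is a failure of the init rather than a condition to tolerate; add an `else` branch that logs it and leaves through the function's existing error/cleanup path, e.g. `} else { /* no free BSS for the P2P device: log and abort init */` followed by the bail-out. The enclosing function starts before and continues after this hunk, so its return and cleanup convention is not visible from here. The Coverity finding (dereference before NULL check) is addressed for every dereference inside the hunk, but code after it that indexes by ucBssIndex would now consume an unset index when the allocation failed.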
@@ -676,6 +677,8 @@
do {
ASSERT((prAdapter != NULL) && (prMsgHdr != NULL) && (prP2pDevFsmInfo != NULL));
+ if ((prAdapter == NULL) || (prMsgHdr == NULL) || (prP2pDevFsmInfo == NULL))
+ break;
prMsgChGrant = (P_MSG_CH_GRANT_T) prMsgHdr;
prChnlReqInfo = &(prP2pDevFsmInfo->rChnlReqInfo);