[DTV00857290][[DTV][Coverity Scanned Code Defect] 15367: Out-of-bounds write]
[Description]
Fix cid 70638 "Dereference before null check" in p2p_fsm.c
Change-Id: I879c7a298f43a9be00131b66094f0a54bd0d3bc7
Signed-off-by: Danny Wu <danny.wu@mediatek.com>
CR-Id: DTV00857290
(cherry picked from commit 2361c3df3e513081addb54761f4c864565860c60)
diff --git a/mgmt/p2p_fsm.c b/mgmt/p2p_fsm.c
index a31ad3b..ceca3c5 100644
--- a/mgmt/p2p_fsm.c
+++ b/mgmt/p2p_fsm.c
@@ -114,6 +114,8 @@
do {
ASSERT_BREAK((prAdapter != NULL) && (prMsgHdr != NULL));
+ if ((prAdapter == NULL) || (prMsgHdr == NULL))
+ break;
prP2pScanReqMsg = (P_MSG_P2P_SCAN_REQUEST_T) prMsgHdr;
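Review bot: The explicit NULL test added right after `ASSERT_BREAK` repeats the macro's condition with no comment saying why, so a later cleanup could remove it as redundant. Presumably `ASSERT_BREAK` is compiled out or does not break in non-debug builds (its definition is not visible in this hunk), which would make this test the only runtime guard before the cast of `prMsgHdr`. I would add a one-line comment above it such as `/* ASSERT_BREAK may be a no-op in release builds; keep the runtime check */`, once that assumption is confirmed. The enclosing function starts outside the hunk.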
@@ -121,9 +123,14 @@
p2pDevFsmRunEventScanRequest(prAdapter, prMsgHdr);
else
p2pRoleFsmRunEventScanRequest(prAdapter, prMsgHdr);
+
+ prMsgHdr = NULL;
+ /* Both p2pDevFsmRunEventScanRequest and p2pRoleFsmRunEventScanRequest
+ * free prMsgHdr before return, so prMsgHdr is needed to be NULL.
+ */
} while (FALSE);
- if (prP2pScanReqMsg == NULL)
+ if (prMsgHdr != NULL)
cnmMemFree(prAdapter, prMsgHdr);
} /* p2pDevFsmRunEventScanRequest */
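Review bot: The new cleanup test `if (prMsgHdr != NULL)` can now call `cnmMemFree(prAdapter, prMsgHdr)` with a NULL `prAdapter`, because the break added in the first hunk is also taken when only `prAdapter` is NULL. Whether `cnmMemFree` dereferences its adapter argument is not visible here. Either confirm that it tolerates NULL, or guard the call with `if ((prAdapter != NULL) && (prMsgHdr != NULL))` and state in a comment that the message is deliberately leaked in that case. The `prMsgHdr = NULL;` reset is only safe if both callees free the message on every return path, including their early error exits. That ownership rule belongs in a comment placed above the assignment rather than after it, for example `/* callee takes ownership of prMsgHdr and frees it on all paths */`.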