[DTV00857290][[DTV][Coverity Scanned Code Defect] 15367: Out-of-bounds write] [Description] Fix cid 70638 "Dereference before null check" in p2p_fsm.c Change-Id: I879c7a298f43a9be00131b66094f0a54bd0d3bc7 Signed-off-by: Danny Wu <danny.wu@mediatek.com> CR-Id: DTV00857290 (cherry picked from commit 2361c3df3e513081addb54761f4c864565860c60)

commit: 6af855e6f2af4a8db7e19eb509b60f31a1f07753 [log] [tgz]
author: Danny Wu <danny.wu@mediatek.com> Tue Jun 06 13:42:07 2017 +0800
committer: Danny Wu <danny.wu@mediatek.com> Fri Jun 30 14:50:41 2017 +0800
tree: 2d14811eb976a285977866708ea971410647567f
parent: b997d6c468f27837633adfada6afe7016f1d88b1 [diff]
diff --git a/mgmt/p2p_fsm.c b/mgmt/p2p_fsm.c
index a31ad3b..ceca3c5 100644
--- a/mgmt/p2p_fsm.c
+++ b/mgmt/p2p_fsm.c

@@ -114,6 +114,8 @@
 
 	do {
 		ASSERT_BREAK((prAdapter != NULL) && (prMsgHdr != NULL));
+		if ((prAdapter == NULL) || (prMsgHdr == NULL))
+			break;
 
 		prP2pScanReqMsg = (P_MSG_P2P_SCAN_REQUEST_T) prMsgHdr;
 
@@ -121,9 +123,14 @@
 			p2pDevFsmRunEventScanRequest(prAdapter, prMsgHdr);
 		else
 			p2pRoleFsmRunEventScanRequest(prAdapter, prMsgHdr);
+
+		prMsgHdr = NULL;
+		/* Both p2pDevFsmRunEventScanRequest and p2pRoleFsmRunEventScanRequest
+		 * free prMsgHdr before return, so prMsgHdr is needed to be NULL.
+		 */
 	} while (FALSE);
 
-	if (prP2pScanReqMsg == NULL)
+	if (prMsgHdr != NULL)
 		cnmMemFree(prAdapter, prMsgHdr);
 }				/* p2pDevFsmRunEventScanRequest */
commit	6af855e6f2af4a8db7e19eb509b60f31a1f07753	[log] [tgz]
author	Danny Wu <danny.wu@mediatek.com>	Tue Jun 06 13:42:07 2017 +0800
committer	Danny Wu <danny.wu@mediatek.com>	Fri Jun 30 14:50:41 2017 +0800
tree	2d14811eb976a285977866708ea971410647567f
parent	b997d6c468f27837633adfada6afe7016f1d88b1 [diff]