qcacld-2.0: Fix potential double free in wma_log_supported_evt_handler
propagation from qcacld-3.0 to qcacld-2.0 In wma_log_supported_evt_handler, events_logs_list in wma handle is freed if previously allocated. If the num_of_diag_events_logs exceeds the max size, we exit from the function early without allocating memory for events_logs_list. This can result in potential double free scenario if we receive another DIAG_EVENT_LOG_SUPPORTED event from firmware. Fix is to set events_logs_list pointer to NULL after freeing memory. Change-Id: I9d6148dfc064d87e2947d1b5ec4492c08913dd4c CRs-Fixed: 2482603
This commit is contained in:
parent
f9b7408072
commit
378c9d3f25
|
@ -20199,8 +20199,10 @@ static int wma_log_supported_evt_handler(void *handle,
|
|||
}
|
||||
|
||||
/* Free any previous allocation */
|
||||
if (wma->events_logs_list)
|
||||
if (wma->events_logs_list) {
|
||||
vos_mem_free(wma->events_logs_list);
|
||||
wma->events_logs_list = NULL;
|
||||
}
|
||||
|
||||
/* Store the event list for run time enable/disable */
|
||||
wma->events_logs_list = vos_mem_malloc(num_of_diag_events_logs *
|
||||
|
|
Loading…
Reference in New Issue