b9c4674fda
In the function wma_vdev_start_resp_handler when we recieve a vdev start response event, we copy the req_msg->user_data to the object hidden_ssid_restart of the structure tpHalHiddenSsidVdevRestart. If hidden_ssid_restart_in_progress flag is set for the corresponding vdev_id, then we post that message to the PE and free the hidden_ssid_restart. If this req_msg->user_data is used again if req_msg->msg_type is WMA_CHNL_SWITCH_REQ , then a possible Use-After-Free will occur in wma_vdev_start_resp_handler. When a channel switch request has occured, there will not be a hidden ssid restart event in progress. So add check to validate if the req_msg->msg_type == WMA_HIDDEN_SSID_VDEV_RESTART. Change-Id: Ie3195b23ff136fbfd38fcd4d32e993d4cb016316 CRs-Fixed: 2216751 |
||
|---|---|---|
| .. | ||
| inc | ||
| src | ||