wifi: ath12k: fix invalid access to memory
In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and bool is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This leads to following KASAN trace - BUG: KASAN: use-after-free in ath12k_dp_rx_h_ppdu+0x18f4/0x1ab0 [ath12k]. Hence fix the issue by locally defining bool is_continuation from rxcb, so that after freeing skb also we can use is_continuation. Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by:Sarika Sharma <quic_sarishar@quicinc.com> Signed-off-by:
Tamizh Chelvam Raja <tamizh.raja@oss.qualcomm.com> Signed-off-by:
Raj Kumar Bhagat <quic_rajkbhag@quicinc.com> Signed-off-by:
Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Loading
Please sign in to comment