Fix external radio work debug printing on removal
work->type was pointing to the allocated work->ctx buffer and the debug print in radio_work_free() ended up using freed memory if a started external radio work was removed as part of FLUSH command operations. Fix this by updating work->type to point to a constant string in case the dynamic version gets freed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
f260ce4be8
commit
7d1007a674
1 changed files with 7 additions and 0 deletions
|
|
@ -7268,6 +7268,13 @@ static void wpas_ctrl_radio_work_cb(struct wpa_radio_work *work, int deinit)
|
|||
eloop_cancel_timeout(wpas_ctrl_radio_work_timeout,
|
||||
work, NULL);
|
||||
|
||||
/*
|
||||
* work->type points to a buffer in ework, so need to replace
|
||||
* that here with a fixed string to avoid use of freed memory
|
||||
* in debug prints.
|
||||
*/
|
||||
work->type = "freed-ext-work";
|
||||
work->ctx = NULL;
|
||||
os_free(ework);
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue