From 02ff1ec4c800b043939409fa9233db35d7a068cd Mon Sep 17 00:00:00 2001
From: Bulbul Dabi <bdabi@codeaurora.org>
Date: Wed, 22 Apr 2015 21:26:10 +0530
Subject: [PATCH] prima: check for NULL pointer before accessing roc context

Bug: 20500889

Remain on channel context can be NULL in __wlan_hdd_mgmt_tx if
roc is not running already. So check for NULL before accessing
the roc context.

Change-Id: If1f7a1cf6b372882a078f54d0615d5a9bf7dc3ca
Signed-off-by: Bulbul Dabi <bdabi@codeaurora.org>
---
 .../staging/prima/CORE/HDD/src/wlan_hdd_p2p.c    | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_p2p.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_p2p.c
index b3dc8d64ad5c..2a40d725e65d 100644
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_p2p.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_p2p.c
@@ -1132,13 +1132,15 @@ int __wlan_hdd_mgmt_tx( struct wiphy *wiphy, struct net_device *dev,
     //then set the wait to 200 ms
     if (offchan && !wait)
     {
-        tANI_U32 current_time = vos_timer_get_system_time();
-        int remaining_roc_time = ((int) cfgState->remain_on_chan_ctx->duration -
-                                 (current_time - pAdapter->startRocTs));
-        if ( remaining_roc_time > ACTION_FRAME_DEFAULT_WAIT)
-            wait = remaining_roc_time;
-        else
-            wait = ACTION_FRAME_DEFAULT_WAIT;
+        wait = ACTION_FRAME_DEFAULT_WAIT;
+        if (pRemainChanCtx)
+        {
+            tANI_U32 current_time = vos_timer_get_system_time();
+            int remaining_roc_time = ((int) pRemainChanCtx->duration -
+                    (current_time - pAdapter->startRocTs));
+            if ( remaining_roc_time > ACTION_FRAME_DEFAULT_WAIT)
+                wait = remaining_roc_time;
+        }
     }
 
     //Call sme API to send out a action frame.
-- 
GitLab