[ Upstream commit c68bbf5 ] This adds a check before freeing the rx->skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before FW download completes. dmesg log: [ 54.634586] Unable to handle kernel NULL pointer dereference at ...
The bt_gatt_attr_read function did not properly handle cases where value is NULL and/or value_len is 0, or bad mixes of the two. The important part here is that we do not perform the pointer ari...
In the error interrupt case for DMA there was a missing check to see if a callback function was registered. If it was not, a null pointer would be dereferenced. Impact: Remove possible null-pointer dereference bug. Testing: This was audited by the clang-analyzer which caught this as https://clang...