From: Ajay Singh <ajay.kathat@xxxxxxxxxxxxx>

'vmm_table' array contains the size of data buffer length including host header length. In 'vmm_table' array, the Zero value means the end of vmm_entries that needs to transfer to firmware which is calculated based on VMM free size in firmware. Use 'vmm_table' valid entry check before fetching the entry from TX queue to only copy valid number of entries to avoid possible NULL pointer exception observed sometimes during large file transfers.

Signed-off-by: Ajay Singh <ajay.kathat@xxxxxxxxxxxxx>

--- drivers/net/wireless/microchip/wilc1000/wlan.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/microchip/wilc1000/wlan.c b/drivers/net/wireless/microchip/wilc1000/wlan.c index fb5633a05fd5..48441f0389ca 100644 --- a/drivers/net/wireless/microchip/wilc1000/wlan.c +++ b/drivers/net/wireless/microchip/wilc1000/wlan.c @@ -875,14 +875,15 @@ int wilc_wlan_handle_txq(struct wilc *wilc, u32 *txq_count) char *bssid; u8 mgmt_ptk = 0; + if (vmm_table[i] == 0 || vmm_entries_ac[i] >= NQUEUES) + break; + tqe = wilc_wlan_txq_remove_from_head(wilc, vmm_entries_ac[i]); - ac_pkt_num_to_chip[vmm_entries_ac[i]]++; if (!tqe) break; + ac_pkt_num_to_chip[vmm_entries_ac[i]]++; vif = tqe->vif; - if (vmm_table[i] == 0) - break; le32_to_cpus(&vmm_table[i]); vmm_sz = FIELD_GET(WILC_VMM_BUFFER_SIZE, vmm_table[i]); -- 2.25.1
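
Review bot: the new guard's `vmm_entries_ac[i] >= NQUEUES` test and the move of `ac_pkt_num_to_chip[vmm_entries_ac[i]]++` to after the `if (!tqe)` check are not covered by the commit message, which describes only the `vmm_table` zero-entry check. Both look like sound hardening (the index subscripts `ac_pkt_num_to_chip` and is passed to `wilc_wlan_txq_remove_from_head()`, and the counter should not advance when nothing was dequeued), so please mention them in the message or split them into their own patch. A zero `vmm_table[i]` is the documented end marker, but an out-of-range AC index points to an inconsistent table rather than normal termination; consider handling it in a separate branch with a rate-limited warning instead of a silent `break`. Testing for zero before `le32_to_cpus(&vmm_table[i])` is fine, since zero is the same in either byte order. It would also help to state which pointer was NULL in the reported crash, because in the old ordering visible here an entry was removed from the queue before the `vmm_table[i] == 0` test could break out of the loop.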