From 54558c86e3d3adf2232b7cdfa8f25a9089f68967 Mon Sep 17 00:00:00 2001
From: DoHyun Pyun <dh79.pyun@samsung.com>
Date: Thu, 4 Jul 2019 09:18:21 +0900
Subject: [PATCH] Bluetooth: Fix the potential crash issue

There is a logic error in the event function. We should
check the callback function's parameter before calling.

Change-Id: I06a4a8c50317e5ec4ae8fe35e4b788105e090196
Fixes: bde01c80dd51 ("Bluetooth: Set le data length command and event")
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
---
 net/bluetooth/hci_event.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cc4c4bb2d3c5..1dd3f6741d1a 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2377,11 +2377,11 @@ static void hci_le_data_length_changed_complete_evt(struct hci_dev *hdev,
 		conn->tx_time = le16_to_cpu(ev->tx_time);
 		conn->rx_len = le16_to_cpu(ev->rx_len);
 		conn->rx_time = le16_to_cpu(ev->rx_time);
-	}
 
-	mgmt_le_data_length_change_complete(hdev, &conn->dst,
+		mgmt_le_data_length_change_complete(hdev, &conn->dst,
 					    conn->tx_len, conn->tx_time,
 					    conn->rx_len, conn->rx_time);
+	}
 
 	hci_dev_unlock(hdev);
 }
-- 
2.34.1