pbuf: fix use after free possibility and fast return

After freeing packet the code uses packet->next
Its more of an issue when task_woken is NULL meaning we are not in ISR
Also added fast bail out with return to jump out of while loop

Author: edvardxyz

src/interfaces/csp_if_can_pbuf.c

@@ -19,14 +19,16 @@ void csp_can_pbuf_free(csp_can_interface_data_t * ifdata, csp_packet_t * buffer,
 
 	while (packet) {
 
+		csp_packet_t * next = packet->next;
+
 		/* Perform cleanup in used pbufs */
 		if (packet == buffer) {
 
 			/* Erase from list prev->next = next */
 			if (prev) {
-				prev->next = packet->next;
+				prev->next = next;
 			} else {
-				ifdata->pbufs = packet->next;
+				ifdata->pbufs = next;
 			}
 
 			if (buf_free) {
@@ -36,11 +38,11 @@ void csp_can_pbuf_free(csp_can_interface_data_t * ifdata, csp_packet_t * buffer,
 					csp_buffer_free_isr(packet);
 				}
 			}
-
+			return;
 		}
 
 		prev = packet;
-		packet = packet->next;
+		packet = next;
 	}
 
 }