diff options
| author | Subhani Shaik <subhanis@qca.qualcomm.com> | 2015-05-20 15:13:56 -0700 |
|---|---|---|
| committer | AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com> | 2015-05-21 16:14:30 +0530 |
| commit | 5da497402cd514d9feeeff7f87ae067ecde51db6 (patch) | |
| tree | 15fe7df00f6a50829fe2c080661d716bdccfa2a8 | |
| parent | cdc3f86db3e19571101c87366eb7afb8d3adeb4b (diff) | |
wlan: Fix memory leak issue in cnss_diag
Addressing the following prevent issues:
1) In cld_diag_parser.c the fd is not closed incase of a failure.
2) slot_buf is not freed incase of a failure.
3) The derefferencing is incorrectly done for entry pointer.
Change-Id: I733f6d4c581a854a91680b33b95311291dbaab84
CRs-Fixed: 836055
| -rw-r--r-- | tools/fwdebuglog/cld-diag-parser.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/tools/fwdebuglog/cld-diag-parser.c b/tools/fwdebuglog/cld-diag-parser.c index 012e8a088e68..921b869942c0 100644 --- a/tools/fwdebuglog/cld-diag-parser.c +++ b/tools/fwdebuglog/cld-diag-parser.c @@ -660,8 +660,10 @@ parse_dbfile() p += strlen("VERSION:"); gdiag_header->file_version = atoi(p); } - else + else { + fclose(fd); return 0; + } } else { p = strtok_r(line, ",", &save); @@ -714,8 +716,10 @@ parse_dbfile() pack = strdup(pbuf); free(q); } - if (!diag_insert_db(format, pack, id)) + if (!diag_insert_db(format, pack, id)) { + fclose(fd); return 0; + } } memset(line, 0 , sizeof(line)); } @@ -801,6 +805,7 @@ sendcnss_cmd(int sock_fd, int32_t cmd, int len, uint8_t *buf) nlh = malloc(NLMSG_SPACE(slot_len)); if (nlh == NULL) { fprintf(stderr, "Cannot allocate memory \n"); + free(slot_buf); return -1; } memset(nlh, 0, NLMSG_SPACE(slot_len)); @@ -810,7 +815,9 @@ sendcnss_cmd(int sock_fd, int32_t cmd, int len, uint8_t *buf) nlh->nlmsg_flags = NLM_F_REQUEST; memcpy(NLMSG_DATA(nlh), slot_buf, slot_len); + free(slot_buf); + memset(&msg, 0, sizeof(msg)); iov.iov_base = (void *)nlh; iov.iov_len = nlh->nlmsg_len; msg.msg_name = (void *)&dest_addr; @@ -984,11 +991,9 @@ process_diagfw_msg(uint8_t *datap, uint16_t len, uint32_t optionflag, } entry = diag_find_by_id(id); if (entry) { - if (entry->format && entry->pack) { + if ((payloadlen > 0) && (entry->format && entry->pack)) { debug_printf("entry->format = %s pack = %s\n", entry->format, entry->pack); - } - if ((payloadlen > 0) && entry->pack) { if (payloadlen < BUF_SIZ) memcpy(payload_buf, payload, payloadlen); else |