| author | Naveen Rawat <nrawat@qca.qualcomm.com> | 2015-05-19 18:20:17 -0700 |
|---|---|---|
| committer | AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com> | 2015-05-21 16:14:31 +0530 |
| commit | 75e878b808b979c97e52b6089314c773cb0c7d38 (patch) | |
| tree | 931fd1e95b260ffa805bc24c366225c1eee3fd6f | |
| parent | d2b18c6e65476241d32e9a962febbb879cfda3c8 (diff) | |
qcacld-2.0: Fix for issues reported by static analysis tool
Fix for prevent issues on Phillppe project. These include:
1) Out of bound errors
2) Memory leaks
3) Null pointer dereference
etc.
Change-Id: I8a42fd747b0b53185cb74a54461703679fcc5505
CRs-Fixed: 836074
| -rw-r--r-- | CORE/MAC/src/pe/lim/limFT.c | 2 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c | 19 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessTdls.c | 3 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limUtils.c | 2 | ||||
| -rw-r--r-- | CORE/SAP/src/sapModule.c | 2 | ||||
| -rw-r--r-- | CORE/SERVICES/DFS/src/dfs_process_phyerr.c | 2 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrApiRoam.c | 54 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrNeighborRoam.c | 22 | ||||
| -rw-r--r-- | CORE/SME/src/sme_common/sme_FTApi.c | 3 | ||||
| -rw-r--r-- | CORE/SYS/legacy/src/system/src/macInitApi.c | 2 |
10 files changed, 56 insertions, 55 deletions
diff --git a/CORE/MAC/src/pe/lim/limFT.c b/CORE/MAC/src/pe/lim/limFT.c index b096642722a2..6e6b7621d3f4 100644 --- a/CORE/MAC/src/pe/lim/limFT.c +++ b/CORE/MAC/src/pe/lim/limFT.c @@ -1123,6 +1123,7 @@ void limPostFTPreAuthRsp(tpAniSirGlobal pMac, tSirRetStatus status, #if defined WLAN_FEATURE_VOWIFI_11R_DEBUG PELOGE(limLog(pMac, LOGE, FL("psessionEntry is not in STA mode"));) #endif + vos_mem_free(pFTPreAuthRsp); return; } pFTPreAuthRsp->smeSessionId = psessionEntry->smeSessionId; @@ -1830,6 +1831,7 @@ limProcessFTAggrQosReq(tpAniSirGlobal pMac, tANI_U32 *pMsgBuf ) #if defined WLAN_FEATURE_VOWIFI_11R_DEBUG PELOGE(limLog(pMac, LOGE, FL("psessionEntry is not in STA mode"));) #endif + vos_mem_free(pAggrAddTsParam); return eSIR_FAILURE; } diff --git a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c index 5bb97d13744f..03b8229c7830 100644 --- a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c @@ -1265,7 +1265,8 @@ if (limPopulateMatchingRateSet(pMac, subType, true, authType, peerIdx, true, (tSirResultCodes) eSIR_MAC_UNSPEC_FAILURE_STATUS, psessionEntry); - pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; + if(psessionEntry->parsedAssocReq) + pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; goto error; } @@ -1388,7 +1389,8 @@ if (limPopulateMatchingRateSet(pMac, } // BTAMP: Storing the parsed assoc request in the psessionEntry array - psessionEntry->parsedAssocReq[pStaDs->assocId] = pAssocReq; + if(psessionEntry->parsedAssocReq) + psessionEntry->parsedAssocReq[pStaDs->assocId] = pAssocReq; assoc_req_copied = true; /* BTAMP: If STA context already exist (ie. updateContext = 1) 
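Review bot: In limProcessAssocReqFrame.c, hunk `@@ -1388,7 +1389,8 @@`, `assoc_req_copied = true;` still runs when the new `if(psessionEntry->parsedAssocReq)` guard skips the store, so the flag records a copy that never happened. The `error:` cleanup later keys off that flag, so with a NULL table the flag and the table disagree; whether that leaks pAssocReq on the success path depends on code outside the hunk. Tie the two together, e.g. `if (psessionEntry->parsedAssocReq) { psessionEntry->parsedAssocReq[pStaDs->assocId] = pAssocReq; assoc_req_copied = true; }`, and decide explicitly what happens to the frame when the table is missing. None of the guarded accesses in this file's hunks show a range check on `pStaDs->assocId`, which would be worth confirming against the full function.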
@@ -1414,7 +1416,8 @@ if (limPopulateMatchingRateSet(pMac, true, pStaDs->mlmStaContext.authType, pStaDs->assocId, true, (tSirResultCodes) eSIR_MAC_UNSPEC_FAILURE_STATUS, psessionEntry); - pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; + if(psessionEntry->parsedAssocReq) + pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; goto error; } } @@ -1438,7 +1441,8 @@ if (limPopulateMatchingRateSet(pMac, //Restoring the state back. pStaDs->mlmStaContext.mlmState = mlmPrevState; - pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; + if(psessionEntry->parsedAssocReq) + pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; goto error; } } @@ -1455,7 +1459,9 @@ if (limPopulateMatchingRateSet(pMac, //Restoring the state back. pStaDs->mlmStaContext.mlmState = mlmPrevState; - pAssocReq = psessionEntry->parsedAssocReq[pStaDs->assocId]; + if(psessionEntry->parsedAssocReq) + pAssocReq = + psessionEntry->parsedAssocReq[pStaDs->assocId]; goto error; } @@ -1484,7 +1490,8 @@ error: } vos_mem_free(pAssocReq); if (assoc_req_copied) /* to avoid double free */ - psessionEntry->parsedAssocReq[pStaDs->assocId] = NULL; + if(psessionEntry->parsedAssocReq) + psessionEntry->parsedAssocReq[pStaDs->assocId] = NULL; } /* If it is not duplicate Assoc request then only free the memory */ diff --git a/CORE/MAC/src/pe/lim/limProcessTdls.c b/CORE/MAC/src/pe/lim/limProcessTdls.c index 858e7ff521f9..a87584910b57 100644 --- a/CORE/MAC/src/pe/lim/limProcessTdls.c +++ b/CORE/MAC/src/pe/lim/limProcessTdls.c @@ -2210,7 +2210,8 @@ limTdlsPopulateMatchingRateSet(tpAniSirGlobal pMac, static void limTdlsUpdateHashNodeInfo(tpAniSirGlobal pMac, tDphHashNode *pStaDs, tSirTdlsAddStaReq *pTdlsAddStaReq, tpPESession psessionEntry) { - tDot11fIEHTCaps htCap, *htCaps; + tDot11fIEHTCaps htCap = {0,}; + tDot11fIEHTCaps *htCaps; tDot11fIEVHTCaps *pVhtCaps = NULL; tDot11fIEVHTCaps *pVhtCaps_txbf = NULL; #ifdef WLAN_FEATURE_11AC 
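Review bot: In the `error:` hunk of limProcessAssocReqFrame.c (`@@ -1484,7 +1490,8 @@`), the new guard is nested under `if (assoc_req_copied)` with no braces on either `if`, which invites a dangling-else mistake the next time this cleanup path is edited. Fold the two conditions into one braced statement: `if (assoc_req_copied && psessionEntry->parsedAssocReq) { psessionEntry->parsedAssocReq[pStaDs->assocId] = NULL; }`. The existing `/* to avoid double free */` comment then still describes the whole condition. The enclosing function starts and ends outside the hunk.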
diff --git a/CORE/MAC/src/pe/lim/limUtils.c b/CORE/MAC/src/pe/lim/limUtils.c index d56a7c646277..6381d1107234 100644 --- a/CORE/MAC/src/pe/lim/limUtils.c +++ b/CORE/MAC/src/pe/lim/limUtils.c @@ -7446,7 +7446,7 @@ void lim_set_ht_caps(tpAniSirGlobal p_mac, tpPESession p_session_entry, tANI_U8 *p_ie_start,tANI_U32 num_bytes) { v_U8_t *p_ie=NULL; - tDot11fIEHTCaps dot11_ht_cap; + tDot11fIEHTCaps dot11_ht_cap = {0,}; PopulateDot11fHTCaps(p_mac, p_session_entry, &dot11_ht_cap); p_ie = limGetIEPtr(p_mac, p_ie_start, num_bytes, DOT11F_EID_HTCAPS, diff --git a/CORE/SAP/src/sapModule.c b/CORE/SAP/src/sapModule.c index fe1dbc71af03..5caf7c80e33f 100644 --- a/CORE/SAP/src/sapModule.c +++ b/CORE/SAP/src/sapModule.c @@ -3403,6 +3403,8 @@ WLANSAP_UpdateSapConfigAddIE(tsap_Config_t *pConfig, default: VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, FL("No matching buffer type %d"), updateType); + if (pBuffer != NULL) + vos_mem_free(pBuffer); break; } diff --git a/CORE/SERVICES/DFS/src/dfs_process_phyerr.c b/CORE/SERVICES/DFS/src/dfs_process_phyerr.c index e85eaf04d055..8656502de32f 100644 --- a/CORE/SERVICES/DFS/src/dfs_process_phyerr.c +++ b/CORE/SERVICES/DFS/src/dfs_process_phyerr.c @@ -237,7 +237,7 @@ dfs_process_phyerr_sowl(struct ath_dfs *dfs, void *buf, u_int16_t datalen, const char *cbuf = (const char *) buf; u_int8_t dur = 0; u_int8_t pulse_bw_info, pulse_length_ext, pulse_length_pri; - int pri_found, ext_found; + int pri_found = 0, ext_found = 0; int early_ext = 0; int event_width; diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c index 1d69ade2e26e..c150e972d65c 100644 --- a/CORE/SME/src/csr/csrApiRoam.c +++ b/CORE/SME/src/csr/csrApiRoam.c 
@@ -4525,18 +4525,16 @@ static eCsrJoinState csrRoamJoinNextBss( tpAniSirGlobal pMac, tSmeCmd *pCommand, //For WDS, the indication is eCSR_ROAM_WDS_IND if( CSR_IS_INFRASTRUCTURE( pProfile ) ) { - if(pRoamInfo) + if(pSession->bRefAssocStartCnt) { - if(pSession->bRefAssocStartCnt) - { - pSession->bRefAssocStartCnt--; - pRoamInfo->pProfile = pProfile; - /* Complete the last association attempt because a new one - is about to be tried */ - csrRoamCallCallback(pMac, sessionId, pRoamInfo, pCommand->u.roamCmd.roamId, - eCSR_ROAM_ASSOCIATION_COMPLETION, - eCSR_ROAM_RESULT_NOT_ASSOCIATED); - } + pSession->bRefAssocStartCnt--; + pRoamInfo->pProfile = pProfile; + /* Complete the last association attempt because a new one + is about to be tried */ + csrRoamCallCallback(pMac, sessionId, pRoamInfo, + pCommand->u.roamCmd.roamId, + eCSR_ROAM_ASSOCIATION_COMPLETION, + eCSR_ROAM_RESULT_NOT_ASSOCIATED); } /* If the roaming has stopped, not to continue the roaming command*/ if ( !CSR_IS_ROAMING(pSession) && CSR_IS_ROAMING_COMMAND(pCommand) ) @@ -10948,6 +10946,11 @@ void csrRoamWaitForKeyTimeOutHandler(void *pv) tCsrRoamSession *pSession = CSR_GET_SESSION( pMac, pInfo->sessionId ); eHalStatus status = eHAL_STATUS_FAILURE; + if(pSession == NULL) { + smsLog(pMac, LOGE, "%s: session not found", __func__); + return; + } + smsLog(pMac, LOGW, FL("WaitForKey timer expired in state=%s sub-state=%s"), macTraceGetNeighbourRoamState( pMac->roam.neighborRoamInfo[pInfo->sessionId].neighborRoamState), 
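Review bot: In csrRoamJoinNextBss (csrApiRoam.c, `@@ -4525,18 +4525,16 @@`) the `if(pRoamInfo)` guard is removed, so `pRoamInfo->pProfile = pProfile;` now runs whenever `pSession->bRefAssocStartCnt` is non-zero. The hunk does not show where pRoamInfo is assigned; if any path reaches this point with it still NULL, the change trades a skipped callback for a NULL dereference in the roam path. Either keep the check as `if (pRoamInfo && pSession->bRefAssocStartCnt)` or add a comment at the assignment site stating why pRoamInfo cannot be NULL here. The function body continues outside the hunk.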
@@ -10980,32 +10983,24 @@ void csrRoamWaitForKeyTimeOutHandler(void *pv) pInfo->sessionId); } - if (pSession) + if( csrIsConnStateConnectedInfra(pMac, pInfo->sessionId) ) { - if( csrIsConnStateConnectedInfra(pMac, pInfo->sessionId) ) + csrRoamLinkUp(pMac, pSession->connectedProfile.bssid); + smeProcessPendingQueue(pMac); + status = sme_AcquireGlobalLock(&pMac->sme); + if (HAL_STATUS_SUCCESS(status )) { - csrRoamLinkUp(pMac, pSession->connectedProfile.bssid); - smeProcessPendingQueue(pMac); - status = sme_AcquireGlobalLock(&pMac->sme); - if (HAL_STATUS_SUCCESS(status )) - { - csrRoamDisconnect(pMac, pInfo->sessionId, + csrRoamDisconnect(pMac, pInfo->sessionId, eCSR_DISCONNECT_REASON_UNSPECIFIED); - sme_ReleaseGlobalLock(&pMac->sme); - } - } - else - { - smsLog(pMac, LOGE, "%s: Session id %d is disconnected", - __func__, pInfo->sessionId); + sme_ReleaseGlobalLock(&pMac->sme); } } else { - smsLog(pMac, LOGE, "%s: session not found", __func__); + smsLog(pMac, LOGE, "%s: Session id %d is disconnected", + __func__, pInfo->sessionId); } } - } eHalStatus csrRoamStartWaitForKeyTimer(tpAniSirGlobal pMac, tANI_U32 interval) @@ -18031,6 +18026,7 @@ csrRoamIssueFTPreauthReq(tHalHandle hHal, tANI_U32 sessionId, { smsLog(pMac, LOGE, FL("Memory allocation for FT Preauth request failed")); + vos_mem_free(pftPreAuthReq); return eHAL_STATUS_RESOURCES; } @@ -18553,7 +18549,6 @@ csrRoamModifyAddIEs(tpAniSirGlobal pMac, FL("Failed to send eWNI_SME_UPDATE_ADDTIONAL_IES msg" "!!! status %d"), status); vos_mem_free(pLocalBuffer); - vos_mem_free(pModifyAddIEInd); } return status; } @@ -18627,7 +18622,6 @@ csrRoamUpdateAddIEs(tpAniSirGlobal pMac, FL("Failed to send eWNI_SME_UPDATE_ADDTIONAL_IES msg" "!!! status %d"), status); vos_mem_free(pLocalBuffer); - vos_mem_free(pUpdateAddIEs); } return status; } diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c index 707ca9ca9fd1..477e9db21079 100644 --- a/CORE/SME/src/csr/csrNeighborRoam.c 
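Review bot: In csrRoamModifyAddIEs and csrRoamUpdateAddIEs (csrApiRoam.c, hunks `@@ -18553,7 +18549,6 @@` and `@@ -18627,7 +18622,6 @@`) the failure branch no longer frees pModifyAddIEInd / pUpdateAddIEs, but nothing in the code says who does. Presumably the send routine releases the message on failure and the old free was a double free; that is not visible in either hunk. Record the ownership rule next to the remaining `vos_mem_free(pLocalBuffer);`, e.g. `/* message buffer is released by the send path on failure; only pLocalBuffer is freed here */`, after confirming it against the send routine, so a later cleanup does not reintroduce the double free or a leak.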
+++ b/CORE/SME/src/csr/csrNeighborRoam.c @@ -390,11 +390,11 @@ csrNeighborRoamUpdateFastRoamingEnabled(tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_DOWN, csrNeighborRoamNeighborLookupDOWNCallback, VOS_MODULE_ID_SME, pUsrCtx); + vos_mem_free(pUsrCtx); if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { smsLog(pMac, LOGW, FL("Failed to register RSSI indication callback = %d"), vosStatus); - vos_mem_free(pUsrCtx); vosStatus = VOS_STATUS_E_FAILURE; } #ifdef WLAN_FEATURE_ROAM_SCAN_OFFLOAD @@ -473,14 +473,13 @@ VOS_STATUS csrNeighborRoamUpdateEseModeEnabled(tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_DOWN, csrNeighborRoamNeighborLookupDOWNCallback, VOS_MODULE_ID_SME, pUsrCtx); - + vos_mem_free(pUsrCtx); if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { smsLog(pMac, LOGW, FL("Failed to register RSSI indication callback: Status = %d"), vosStatus); /* Registration failed, free the user context */ - vos_mem_free(pUsrCtx); vosStatus = VOS_STATUS_E_FAILURE; } #ifdef WLAN_FEATURE_ROAM_SCAN_OFFLOAD @@ -576,14 +575,13 @@ VOS_STATUS csrNeighborRoamSetLookupRssiThreshold(tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_DOWN, csrNeighborRoamNeighborLookupDOWNCallback, VOS_MODULE_ID_SME, pUsrCtx); - + vos_mem_free(pUsrCtx); if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { smsLog(pMac, LOGE, FL("Failed to register DOWN event with TL: Status = %d"), vosStatus); /* Registration failed, free the user context */ - vos_mem_free(pUsrCtx); vosStatus = VOS_STATUS_E_FAILURE; } #ifdef WLAN_FEATURE_ROAM_SCAN_OFFLOAD @@ -1680,12 +1678,11 @@ eHalStatus csrNeighborRoamPreauthRspHandler(tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_UP, csrNeighborRoamNeighborLookupUPCallback, VOS_MODULE_ID_SME, pUsrCtx); + vos_mem_free(pUsrCtx); if(!VOS_IS_STATUS_SUCCESS(vosStatus)) { //err msg smsLog(pMac, LOGE, FL(" Couldn't register csrNeighborRoamNeighborLookupCallback UP event with TL: Status = %d"), status); - - vos_mem_free(pUsrCtx); } /* Start the neighbor results refresh timer and transition to REPORT_SCAN state to perform scan again */ 
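Review bot: In csrNeighborRoam.c, starting with hunk `@@ -390,11 +390,11 @@`, `vos_mem_free(pUsrCtx);` now runs right after the registration call on the success path too, although pUsrCtx was just passed in as the callback's user context. If the TL side keeps that pointer and later hands it back to the registered callback (csrNeighborRoamNeighborLookupDOWNCallback, csrNeighborRoamNeighborLookupUPCallback or csrNeighborRoamReassocIndCallback), each callback would read freed memory; the hunks do not show whether the registration copies or ignores the context. The same move is made in the hunks at 473, 576, 1680, 2470, 2785, 4589, 4693 and 5275. Please confirm the registration does not retain pUsrCtx and state that at the free (`/* TL does not retain pUsrCtx; safe to free after registration */`), otherwise keep the free on the failure branch only. The leftover `/* Registration failed, free the user context */` comments in the 473 and 576 hunks no longer match the code and should be removed.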
@@ -2470,12 +2467,12 @@ static VOS_STATUS csrNeighborRoamHandleEmptyScanResult(tpAniSirGlobal pMac, csrNeighborRoamNeighborLookupDOWNCallback, VOS_MODULE_ID_SME, pUsrCtx); + vos_mem_free(pUsrCtx); if(!VOS_IS_STATUS_SUCCESS(vosStatus)) { smsLog(pMac, LOGW, FL("Couldn't re-register csrNeighborRoamNeighborLookupDOWNCallback" " with TL: Status = %d"), status); - vos_mem_free(pUsrCtx); } #ifdef FEATURE_WLAN_LFR @@ -2785,14 +2782,13 @@ static eHalStatus csrNeighborRoamProcessScanComplete (tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_DOWN, csrNeighborRoamReassocIndCallback, VOS_MODULE_ID_SME, pUsrCtx); - + vos_mem_free(pUsrCtx); if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { //err msg smsLog(pMac, LOGW, FL( "Couldn't register with TL: Status = %d"), vosStatus); - vos_mem_free(pUsrCtx); } #ifdef WLAN_FEATURE_ROAM_SCAN_OFFLOAD } @@ -4589,11 +4585,11 @@ VOS_STATUS csrNeighborRoamNeighborLookupUpEvent(tpAniSirGlobal pMac, #ifdef FEATURE_WLAN_LFR pNeighborRoamInfo->lookupDOWNRssi = 0; #endif + vos_mem_free(pUsrCtx); if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { //err msg smsLog(pMac, LOGW, FL(" Couldn't register csrNeighborRoamNeighborLookupCallback DOWN event with TL: Status = %d"), vosStatus); - vos_mem_free(pUsrCtx); } @@ -4693,6 +4689,7 @@ VOS_STATUS csrNeighborRoamNeighborLookupDownEvent(tpAniSirGlobal pMac, WLANTL_HO_THRESHOLD_UP, csrNeighborRoamNeighborLookupUPCallback, VOS_MODULE_ID_SME, pUsrCtx); + vos_mem_free(pUsrCtx); if(!VOS_IS_STATUS_SUCCESS(vosStatus)) { //err msg @@ -4700,7 +4697,6 @@ VOS_STATUS csrNeighborRoamNeighborLookupDownEvent(tpAniSirGlobal pMac, FL(" Couldn't register csrNeighborRoamNeighborLookupCallback" "UP event with TL: Status = %d"), status); - vos_mem_free(pUsrCtx); } break; default: 
@@ -5275,11 +5271,11 @@ eHalStatus csrNeighborRoamIndicateConnect(tpAniSirGlobal pMac, #ifdef FEATURE_WLAN_LFR pNeighborRoamInfo->lookupDOWNRssi = 0; #endif + vos_mem_free(pUsrCtx); if(!VOS_IS_STATUS_SUCCESS(vstatus)) { //err msg smsLog(pMac, LOGW, FL(" Couldn't register csrNeighborRoamNeighborLookupDOWNCallback with TL: Status = %d"), vstatus); - vos_mem_free(pUsrCtx); status = eHAL_STATUS_FAILURE; } #ifdef WLAN_FEATURE_ROAM_SCAN_OFFLOAD diff --git a/CORE/SME/src/sme_common/sme_FTApi.c b/CORE/SME/src/sme_common/sme_FTApi.c index 01cac677d00d..56573eb43109 100644 --- a/CORE/SME/src/sme_common/sme_FTApi.c +++ b/CORE/SME/src/sme_common/sme_FTApi.c @@ -611,8 +611,7 @@ void sme_FTReset(tHalHandle hHal, tANI_U32 sessionId) pSession->ftSmeContext.psavedFTPreAuthRsp); #endif vos_mem_free(pSession->ftSmeContext.psavedFTPreAuthRsp); - vos_mem_set(pSession->ftSmeContext.psavedFTPreAuthRsp, - sizeof(tSirFTPreAuthRsp), 0); + pSession->ftSmeContext.psavedFTPreAuthRsp = NULL; } pSession->ftSmeContext.setFTPreAuthState = VOS_FALSE; pSession->ftSmeContext.setFTPTKState = VOS_FALSE; diff --git a/CORE/SYS/legacy/src/system/src/macInitApi.c b/CORE/SYS/legacy/src/system/src/macInitApi.c index 2455691d378c..b2f9e3555f2e 100644 --- a/CORE/SYS/legacy/src/system/src/macInitApi.c +++ b/CORE/SYS/legacy/src/system/src/macInitApi.c @@ -209,8 +209,8 @@ tSirRetStatus macOpen(tHalHandle *pHalHandle, tHddHandle hHdd, tMacOpenParameter status = peOpen(p_mac, pMacOpenParms); if (eSIR_SUCCESS != status) { - vos_mem_free(p_mac); sysLog(p_mac, LOGE, FL("macOpen failure\n")); + vos_mem_free(p_mac); return status; } |
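Review bot: In macOpen (macInitApi.c, `@@ -209,8 +209,8 @@`) p_mac is freed on peOpen failure, but the hunk does not show whether `*pHalHandle` was already set to p_mac earlier in the function. If it was, the caller is left holding a pointer to freed memory after the error return; clear it alongside the free with `*pHalHandle = NULL;`. The start of macOpen is outside the hunk, so this needs checking against the full function.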
