authorPraveen Kumar Sirisilla <c_pksiri@qca.qualcomm.com>2014-01-24 14:27:13 -0800
committerPrakash Dhavali <pdhavali@qca.qualcomm.com>2014-01-26 00:06:02 -0800
commit86ab75e83ace45f6f40308d045150051abb3ed09 (patch)
tree3462b7691e2f2d511b2a1eff9befea64cdabe99f
parent270b843cf81a609c8b1fe9e13c6a5073c04e459c (diff)
Unsafe use of Assert on MAC-SME modules.
The CR identifies improper use of vos assert. In some places NULL pointers are asserted but no action is taken. This patch fixes such issues. Change-Id: Ia997c6c7bf758a508d17c8d6a510ced6049e7492 CRs-Fixed: 589661
-rw-r--r--CORE/MAC/src/pe/lim/limScanResultUtils.c7
-rw-r--r--CORE/SAP/src/sapModule.c6
-rw-r--r--CORE/SME/src/QoS/sme_Qos.c71
-rw-r--r--CORE/SME/src/btc/btcApi.c12
-rw-r--r--CORE/SME/src/csr/csrApiRoam.c66
-rw-r--r--CORE/SME/src/csr/csrApiScan.c19
-rw-r--r--CORE/SME/src/csr/csrCmdProcess.c6
-rw-r--r--CORE/SME/src/csr/csrNeighborRoam.c41
-rw-r--r--CORE/SME/src/csr/csrUtil.c6
-rw-r--r--CORE/SME/src/p2p/p2p_Api.c1
-rw-r--r--CORE/SME/src/pmc/pmc.c63
11 files changed, 235 insertions, 63 deletions
diff --git a/CORE/MAC/src/pe/lim/limScanResultUtils.c b/CORE/MAC/src/pe/lim/limScanResultUtils.c
index 4755a6074981..3710177c4217 100644
--- a/CORE/MAC/src/pe/lim/limScanResultUtils.c
+++ b/CORE/MAC/src/pe/lim/limScanResultUtils.c
@@ -145,7 +145,12 @@ limCollectBssDescription(tpAniSirGlobal pMac,
tANI_U8 rfBand = 0;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
- VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET);
+
+ if (SIR_MAC_B_PR_SSID_OFFSET > WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo))
+ {
+ VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET);
+ return eHAL_STATUS_FAILURE;
+ }
ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET;
rxChannel = WDA_GET_RX_CH(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
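Review bot: The `VOS_ASSERT` kept inside the new length guard fires on a condition decided by the received frame, since `WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo)` is the payload length of whatever arrived, not an internal invariant. If VOS_ASSERT can halt or panic in any build configuration (its definition is not on this page), a short beacon or probe response would be enough to trigger it. The early `return eHAL_STATUS_FAILURE;` is the part that protects the `ieLen` subtraction below; I would drop the assert from this branch and log the short length at error level instead. A one-line comment such as `/* frame too short to hold the fixed fields before the SSID IE */` above the `if` would also make the intent clear.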
diff --git a/CORE/SAP/src/sapModule.c b/CORE/SAP/src/sapModule.c
index 731ea68c4ca8..17af0026da54 100644
--- a/CORE/SAP/src/sapModule.c
+++ b/CORE/SAP/src/sapModule.c
@@ -145,7 +145,11 @@ WLANSAP_Open
ptSapContext pSapCtx = NULL;
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/
- VOS_ASSERT(pvosGCtx);
+ if (NULL == pvosGCtx)
+ {
+ VOS_ASSERT(pvosGCtx);
+ return VOS_STATUS_E_FAULT;
+ }
/*------------------------------------------------------------------------
Allocate (and sanity check?!) SAP control block
------------------------------------------------------------------------*/
diff --git a/CORE/SME/src/QoS/sme_Qos.c b/CORE/SME/src/QoS/sme_Qos.c
index daf9db6626c2..fd61b087d8f2 100644
--- a/CORE/SME/src/QoS/sme_Qos.c
+++ b/CORE/SME/src/QoS/sme_Qos.c
@@ -3366,12 +3366,11 @@ eHalStatus sme_QosCreateTspecRICIE(tpAniSirGlobal pMac, sme_QosWmmTspecInfo *pTs
tDot11fIERICDataDesc ricIE;
tANI_U32 nStatus;
- VOS_ASSERT(NULL != pRICBuffer);
- VOS_ASSERT(NULL != pRICLength);
- VOS_ASSERT(NULL != pRICIdentifier);
-
if (pRICBuffer == NULL || pRICIdentifier == NULL || pRICLength == NULL)
+ {
+ VOS_ASSERT(0);
return eHAL_STATUS_FAILURE;
+ }
vos_mem_zero(&ricIE, sizeof(tDot11fIERICDataDesc));
@@ -4418,10 +4417,14 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi
"%s: %d: no need for state transition, should "
"already be in handoff state",
__func__, __LINE__);
- VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF);
+ if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF))
+ {
+ VOS_ASSERT(0);
+ return eHAL_STATUS_FAILURE;
+ }
sme_QosProcessFTReassocReqEv(pMac, sessionId, pEvent_info);
return eHAL_STATUS_SUCCESS;
}
@@ -4433,10 +4436,15 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi
"%s: %d: no need for state transition, should "
"already be in handoff state",
__func__, __LINE__);
- VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF);
+
+ if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF))
+ {
+ VOS_ASSERT(0);
+ return eHAL_STATUS_FAILURE;
+ }
//buffer the existing flows to be renewed after handoff is done
sme_QosBufferExistingFlows(pMac, sessionId);
@@ -4452,10 +4460,15 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi
"%s: %d: no need for state transition, should "
"already be in handoff state",
__func__, __LINE__);
- VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF);
+
+ if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF))
+ {
+ VOS_ASSERT(0);
+ return eHAL_STATUS_FAILURE;
+ }
sme_QosProcessFTReassocReqEv(pMac, sessionId, pEvent_info);
return eHAL_STATUS_SUCCESS;
@@ -4990,10 +5003,15 @@ eHalStatus sme_QosProcessDisconnectEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi
"%s: %d: no need for state transition, should "
"already be in handoff state",
__func__, __LINE__);
- VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF);
+ if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF))
+ {
+ VOS_ASSERT(0);
+ return eHAL_STATUS_SUCCESS;
+ }
+
return eHAL_STATUS_SUCCESS;
}
sme_QosInitACs(pMac, sessionId);
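Review bot: The added branch in sme_QosProcessDisconnectEv returns `eHAL_STATUS_SUCCESS` when an AC is not in SME_QOS_HANDOFF, which is the same value the unconditional `return` right after it produces, so the `if` changes nothing except firing the assert. The equivalent checks added to sme_QosProcessReassocReqEv in this commit return `eHAL_STATUS_FAILURE`. If disconnect is meant to tolerate the inconsistent state, say so in a comment (`/* state mismatch is not fatal on disconnect */`); otherwise the branch should be `return eHAL_STATUS_FAILURE;`. Replacing the four per-AC asserts with `VOS_ASSERT(0)` also loses the information about which AC was in the wrong state.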
@@ -5057,10 +5075,15 @@ eHalStatus sme_QosProcessJoinReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, void *
"%s: %d: no need for state transition, should "
"already be in handoff state",
__func__, __LINE__);
- VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF);
- VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF);
+ if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) ||
+ (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF))
+ {
+ // just print
+ VOS_ASSERT(0);
+ }
+
//buffer the existing flows to be renewed after handoff is done
sme_QosBufferExistingFlows(pMac, sessionId);
//clean up the control block partially for handoff
diff --git a/CORE/SME/src/btc/btcApi.c b/CORE/SME/src/btc/btcApi.c
index 0da0cc789bec..7ac71976410e 100644
--- a/CORE/SME/src/btc/btcApi.c
+++ b/CORE/SME/src/btc/btcApi.c
@@ -930,7 +930,11 @@ static VOS_STATUS btcDeferAclComplete( tpAniSirGlobal pMac, tpSmeBtEvent pEvent
BT_INVALID_CONN_HANDLE );
if(pAclEventHist)
{
- VOS_ASSERT(pAclEventHist->bNextEventIdx >0);
+ if (pAclEventHist->bNextEventIdx <= 0)
+ {
+ VOS_ASSERT(pAclEventHist->bNextEventIdx >0);
+ return VOS_STATUS_E_EMPTY;
+ }
//Found one
if(BT_CONN_STATUS_SUCCESS != pEvent->uEventParam.btAclConnection.status)
{
@@ -1098,7 +1102,11 @@ static VOS_STATUS btcDeferSyncComplete( tpAniSirGlobal pMac, tpSmeBtEvent pEvent
BT_INVALID_CONN_HANDLE );
if(pSyncEventHist)
{
- VOS_ASSERT(pSyncEventHist->bNextEventIdx >0);
+ if (pSyncEventHist->bNextEventIdx <= 0)
+ {
+ VOS_ASSERT(pSyncEventHist->bNextEventIdx >0);
+ return VOS_STATUS_E_EMPTY;
+ }
//Found one
if(BT_CONN_STATUS_SUCCESS != pEvent->uEventParam.btSyncConnection.status)
{
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index c9822ff8d062..740570712cdd 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -5749,7 +5749,11 @@ static tANI_BOOLEAN csrRoamProcessResults( tpAniSirGlobal pMac, tSmeCmd *pComman
roamInfo.pbFrames = pSession->connectedInfo.pbFrames;
roamInfo.staId = pSession->connectedInfo.staId;
roamInfo.u.pConnectedProfile = &pSession->connectedProfile;
- VOS_ASSERT( roamInfo.staId != 0 );
+ if (0 == roamInfo.staId)
+ {
+ VOS_ASSERT( 0 );
+ return eANI_BOOLEAN_FALSE;
+ }
pSession->bRefAssocStartCnt--;
csrRoamCallCallback(pMac, sessionId, &roamInfo, pCommand->u.roamCmd.roamId,
eCSR_ROAM_ASSOCIATION_COMPLETION, eCSR_ROAM_RESULT_ASSOCIATED);
@@ -7587,8 +7591,12 @@ static void csrRoamingStateConfigCnfProcessor( tpAniSirGlobal pMac, tANI_U32 res
csrRoamComplete(pMac, eCsrJoinFailure, NULL);
return;
}
- // If we are roaming TO an Infrastructure BSS...
- VOS_ASSERT(pScanResult != NULL);
+ if ( NULL == pScanResult)
+ {
+ // If we are roaming TO an Infrastructure BSS...
+ VOS_ASSERT(pScanResult != NULL);
+ return;
+ }
if ( csrIsInfraBssDesc( pBssDesc ) )
{
tDot11fBeaconIEs *pIesLocal = (tDot11fBeaconIEs *)pScanResult->Result.pvIes;
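Review bot: The new `NULL == pScanResult` branch returns without calling `csrRoamComplete(pMac, eCsrJoinFailure, NULL);`, which the failure path just above it in this hunk does before its own `return`. Presumably the roam command is left outstanding when this branch is taken; that needs confirming against the rest of csrRoamingStateConfigCnfProcessor, which lies outside the hunk. I would add the same `csrRoamComplete(pMac, eCsrJoinFailure, NULL);` call before the new `return;`. The comment `// If we are roaming TO an Infrastructure BSS...` was also moved into the NULL branch, but it describes the `if ( csrIsInfraBssDesc( pBssDesc ) )` test that follows and should stay above that line.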
@@ -10136,7 +10144,12 @@ void csrCallRoamingCompletionCallback(tpAniSirGlobal pMac, tCsrRoamSession *pSes
if(pSession->bRefAssocStartCnt)
{
pSession->bRefAssocStartCnt--;
- VOS_ASSERT( pSession->bRefAssocStartCnt == 0);
+
+ if (0 != pSession->bRefAssocStartCnt)
+ {
+ VOS_ASSERT( pSession->bRefAssocStartCnt == 0);
+ return;
+ }
//Need to call association_completion because there is an assoc_start pending.
csrRoamCallCallback(pMac, pSession->sessionId, NULL, roamId,
eCSR_ROAM_ASSOCIATION_COMPLETION,
@@ -10417,7 +10430,11 @@ void csrRoamCompletion(tpAniSirGlobal pMac, tANI_U32 sessionId, tCsrRoamInfo *pR
if(pCommand)
{
roamId = pCommand->u.roamCmd.roamId;
- VOS_ASSERT( sessionId == pCommand->sessionId );
+ if (sessionId != pCommand->sessionId)
+ {
+ VOS_ASSERT( sessionId == pCommand->sessionId );
+ return;
+ }
}
if(eCSR_ROAM_ROAMING_COMPLETION == roamStatus)
{
@@ -10426,7 +10443,11 @@ void csrRoamCompletion(tpAniSirGlobal pMac, tANI_U32 sessionId, tCsrRoamInfo *pR
}
else
{
- VOS_ASSERT(pSession->bRefAssocStartCnt == 0);
+ if (pSession->bRefAssocStartCnt != 0)
+ {
+ VOS_ASSERT(pSession->bRefAssocStartCnt == 0);
+ return;
+ }
smsLog(pMac, LOGW, FL(" indicates association completion. roamResult = %d"), roamResult);
csrRoamCallCallback(pMac, sessionId, pRoamInfo, roamId, roamStatus, roamResult);
}
@@ -12289,7 +12310,12 @@ static eHalStatus csrRoamStartWds( tpAniSirGlobal pMac, tANI_U32 sessionId, tCsr
//Otherwise we need to add code to handle the
//situation just like IBSS. Though for WDS station, we need to send disassoc to PE first then
//send stop_bss to PE, before we can continue.
- VOS_ASSERT( !csrIsConnStateWds( pMac, sessionId ) );
+
+ if (csrIsConnStateWds( pMac, sessionId ))
+ {
+ VOS_ASSERT(0);
+ return eHAL_STATUS_FAILURE;
+ }
vos_mem_set(&bssConfig, sizeof(tBssConfigParam), 0);
/* Assume HDD provide bssid in profile */
vos_mem_copy(&pSession->bssParams.bssid, pProfile->BSSIDs.bssid[0],
@@ -13233,8 +13259,12 @@ csrSendMBGetWPSPBCSessions( tpAniSirGlobal pMac, tANI_U32 sessionId,
vos_mem_set(pMsg, sizeof( tSirSmeGetWPSPBCSessionsReq ), 0);
pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_GET_WPSPBC_SESSION_REQ);
pBuf = (tANI_U8 *)&pMsg->pUsrContext;
- VOS_ASSERT(pBuf);
+ if( NULL == pBuf)
+ {
+ VOS_ASSERT(pBuf);
+ return eHAL_STATUS_FAILURE;
+ }
wTmpBuf = pBuf;
// pUsrContext
dwTmp = pal_cpu_to_be32((tANI_U32)pUsrContext);
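Review bot: The `NULL == pBuf` test cannot be true here, because `pBuf` is the address of a member of `pMsg` and `pMsg` has already been written through by `vos_mem_set` and the `messageType` assignment on the lines above. The branch is dead code, and the check that matters is on `pMsg` itself before its first use. If the branch were reachable, `return eHAL_STATUS_FAILURE;` would leave `pMsg` unreleased, assuming it was allocated earlier in the function outside this hunk. The same pattern is added in the csrRoamUpdateAPWPSIE and csrRoamUpdateWPARSNIEs hunks further down in this file.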
@@ -14975,7 +15005,11 @@ void csrRoamVccTrigger(tpAniSirGlobal pMac)
-------------------------------------------------------------------------*/
ul_mac_loss_trigger_threshold =
pMac->roam.configParam.vccUlMacLossThreshold;
- VOS_ASSERT( ul_mac_loss_trigger_threshold != 0 );
+ if (0 == ul_mac_loss_trigger_threshold)
+ {
+ VOS_ASSERT( ul_mac_loss_trigger_threshold != 0 );
+ return;
+ }
smsLog(pMac, LOGW, "csrRoamVccTrigger: UL_MAC_LOSS_THRESHOLD is %d",
ul_mac_loss_trigger_threshold );
if(ul_mac_loss_trigger_threshold < ul_mac_loss)
@@ -16802,7 +16836,12 @@ eHalStatus csrRoamUpdateAPWPSIE( tpAniSirGlobal pMac, tANI_U32 sessionId, tSirAP
pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_UPDATE_APWPSIE_REQ);
pBuf = (tANI_U8 *)&pMsg->transactionId;
- VOS_ASSERT(pBuf);
+
+ if (NULL == pBuf)
+ {
+ VOS_ASSERT(pBuf);
+ return eHAL_STATUS_FAILURE;
+ }
wTmpBuf = pBuf;
// transactionId
@@ -16842,11 +16881,16 @@ eHalStatus csrRoamUpdateWPARSNIEs( tpAniSirGlobal pMac, tANI_U32 sessionId, tSir
pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_SET_APWPARSNIEs_REQ);
pBuf = (tANI_U8 *)&pMsg->transactionId;
wTmpBuf = pBuf;
+
+ if (NULL == pBuf)
+ {
+ VOS_ASSERT(pBuf);
+ return eHAL_STATUS_FAILURE;
+ }
// transactionId
*pBuf = 0;
*( pBuf + 1 ) = 0;
pBuf += sizeof(tANI_U16);
- VOS_ASSERT(pBuf);
// bssId
vos_mem_copy((tSirMacAddr *)pBuf, &pSession->selfMacAddr,
diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c
index 015e89870bbf..81ca2ecd514f 100644
--- a/CORE/SME/src/csr/csrApiScan.c
+++ b/CORE/SME/src/csr/csrApiScan.c
@@ -238,7 +238,11 @@ int csrCheckValidateLists(void * dest, const void *src, v_SIZE_t num, int idx)
if((tANI_U32)(pElem->next) > 0x00010000)
{
pElem = pElem->next;
- VOS_ASSERT(count > 0);
+ if (count <=0)
+ {
+ VOS_ASSERT(count > 0);
+ return 0;
+ }
count--;
}
else
@@ -263,6 +267,7 @@ int csrCheckValidateLists(void * dest, const void *src, v_SIZE_t num, int idx)
(unsigned int)dest, (unsigned int)src, (int)num);
VOS_ASSERT(0);
ii = 0;
+ return ii;
}
}
else
@@ -3247,7 +3252,11 @@ static tCsrScanResult *csrScanSaveBssDescription( tpAniSirGlobal pMac, tSirBssDe
pCsrBssDescription->AgingCount = (tANI_S32)pMac->roam.configParam.agingCount;
vos_mem_copy(&pCsrBssDescription->Result.BssDescriptor, pBSSDescription, cbBSSDesc);
#if defined(VOSS_ENSBALED)
- VOS_ASSERT( pCsrBssDescription->Result.pvIes == NULL );
+ if ( NULL != pCsrBssDescription->Result.pvIes)
+ {
+ VOS_ASSERT( pCsrBssDescription->Result.pvIes == NULL );
+ return NULL;
+ }
#endif
csrScanAddResult(pMac, pCsrBssDescription, pIes);
}
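Review bot: The added `return NULL;` abandons `pCsrBssDescription` after `vos_mem_copy` has already filled it in. If that object was allocated earlier in csrScanSaveBssDescription (the allocation is outside this hunk), it leaks on this path and should be released before returning. The surrounding guard `#if defined(VOSS_ENSBALED)` also looks misspelled, so the new check is probably never compiled; confirm the intended macro name. A short comment stating why a non-NULL `pvIes` is invalid for a freshly built entry would help the next reader.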
@@ -4106,7 +4115,11 @@ tANI_BOOLEAN csrLearnCountryInformation( tpAniSirGlobal pMac, tSirBssDescription
}
else
{
- VOS_ASSERT( pMac->scan.domainIdCurrent == pMac->scan.domainIdDefault );
+ if (pMac->scan.domainIdCurrent != pMac->scan.domainIdDefault)
+ {
+ VOS_ASSERT( pMac->scan.domainIdCurrent == pMac->scan.domainIdDefault );
+ return eANI_BOOLEAN_FALSE;
+ }
if( HAL_STATUS_SUCCESS(csrGetRegulatoryDomainForCountry(
pMac, pIesLocal->Country.country, &domainId,
COUNTRY_QUERY)) &&
diff --git a/CORE/SME/src/csr/csrCmdProcess.c b/CORE/SME/src/csr/csrCmdProcess.c
index 8d88e75e18ce..506b5d8a8d15 100644
--- a/CORE/SME/src/csr/csrCmdProcess.c
+++ b/CORE/SME/src/csr/csrCmdProcess.c
@@ -124,7 +124,11 @@ tANI_BOOLEAN csrCheckPSReady(void *pv)
{
tpAniSirGlobal pMac = PMAC_STRUCT( pv );
- VOS_ASSERT( pMac->roam.sPendingCommands >= 0 );
+ if (pMac->roam.sPendingCommands < 0)
+ {
+ VOS_ASSERT( pMac->roam.sPendingCommands >= 0 );
+ return 0;
+ }
return (pMac->roam.sPendingCommands == 0);
}
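Review bot: The new branch uses `return 0;` in a function declared `tANI_BOOLEAN`, while the other boolean-returning functions touched by this commit return `eANI_BOOLEAN_FALSE`. For consistency this should be `return eANI_BOOLEAN_FALSE;`. A comment such as `/* negative pending count means the counter is corrupt; report not ready */` would document why a negative value maps to "not ready" rather than being treated like zero.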
diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c
index 6de4bc73dbd8..b2c91819dac9 100644
--- a/CORE/SME/src/csr/csrNeighborRoam.c
+++ b/CORE/SME/src/csr/csrNeighborRoam.c
@@ -974,8 +974,12 @@ static eHalStatus csrNeighborRoamIssuePreauthReq(tpAniSirGlobal pMac)
tCsrRoamInfo *roamInfo;
#endif
- /* This must not be true here */
- VOS_ASSERT(pNeighborRoamInfo->FTRoamInfo.preauthRspPending == eANI_BOOLEAN_FALSE);
+ if (eANI_BOOLEAN_FALSE != pNeighborRoamInfo->FTRoamInfo.preauthRspPending)
+ {
+ /* This must not be true here */
+ VOS_ASSERT(pNeighborRoamInfo->FTRoamInfo.preauthRspPending == eANI_BOOLEAN_FALSE);
+ return eHAL_STATUS_FAILURE;
+ }
/* Issue Preauth request to PE here */
/* Need to issue the preauth request with the BSSID that is there in the head of the roamable AP list */
@@ -2207,7 +2211,12 @@ static eHalStatus csrNeighborRoamScanRequestCallback(tHalHandle halHandle, void
/* Now we have completed scanning the channel list. We have get the result by applying appropriate filter
sort the results based on neighborScore and RSSI and select the best candidate out of the list */
NEIGHBOR_ROAM_DEBUG(pMac, LOGW, FL("Channel list scan completed. Current chan index = %d"), currentChanIndex);
- VOS_ASSERT(pNeighborRoamInfo->roamChannelInfo.currentChanIndex == 0);
+
+ if (pNeighborRoamInfo->roamChannelInfo.currentChanIndex != 0)
+ {
+ VOS_ASSERT(pNeighborRoamInfo->roamChannelInfo.currentChanIndex == 0);
+ return eHAL_STATUS_FAILURE;
+ }
hstatus = csrNeighborRoamProcessScanComplete(pMac);
@@ -2640,7 +2649,11 @@ void csrNeighborRoamNeighborScanTimerCallback(void *pv)
return;
}
- VOS_ASSERT(sessionId == pNeighborRoamInfo->csrSessionId);
+ if (sessionId != pNeighborRoamInfo->csrSessionId)
+ {
+ VOS_ASSERT(sessionId == pNeighborRoamInfo->csrSessionId);
+ return;
+ }
switch (pNeighborRoamInfo->neighborRoamState)
{
@@ -3528,7 +3541,6 @@ VOS_STATUS csrNeighborRoamTransitToCFGChanScan(tpAniSirGlobal pMac)
numOfChannels * sizeof(tANI_U8));
}
- VOS_ASSERT(currChannelListInfo->ChannelList == NULL);
currChannelListInfo->ChannelList = vos_mem_malloc(numOfChannels * sizeof(tANI_U8));
if (NULL == currChannelListInfo->ChannelList)
@@ -3842,7 +3854,11 @@ VOS_STATUS csrNeighborRoamNeighborLookupUPCallback (v_PVOID_t pAdapter, v_U8_t r
return VOS_STATUS_SUCCESS;
}
- VOS_ASSERT(WLANTL_HO_THRESHOLD_UP == rssiNotification);
+ if (WLANTL_HO_THRESHOLD_UP != rssiNotification)
+ {
+ VOS_ASSERT(WLANTL_HO_THRESHOLD_UP == rssiNotification);
+ return VOS_STATUS_E_FAILURE;
+ }
vosStatus = csrNeighborRoamNeighborLookupUpEvent(pMac);
return vosStatus;
}
@@ -3882,7 +3898,11 @@ VOS_STATUS csrNeighborRoamNeighborLookupDOWNCallback (v_PVOID_t pAdapter, v_U8_t
return VOS_STATUS_SUCCESS;
}
- VOS_ASSERT(WLANTL_HO_THRESHOLD_DOWN == rssiNotification);
+ if (WLANTL_HO_THRESHOLD_DOWN != rssiNotification)
+ {
+ VOS_ASSERT(WLANTL_HO_THRESHOLD_DOWN == rssiNotification);
+ return VOS_STATUS_E_FAILURE;
+ }
vosStatus = csrNeighborRoamNeighborLookupDownEvent(pMac);
return vosStatus;
@@ -4666,8 +4686,11 @@ void csrNeighborRoamGetHandoffAPInfo(tpAniSirGlobal pMac, tpCsrNeighborRoamBSSIn
tpCsrNeighborRoamControlInfo pNeighborRoamInfo = &pMac->roam.neighborRoamInfo;
tpCsrNeighborRoamBSSInfo pBssNode;
- VOS_ASSERT(NULL != pHandoffNode);
-
+ if (NULL == pHandoffNode)
+ {
+ VOS_ASSERT(NULL != pHandoffNode);
+ return;
+ }
#ifdef WLAN_FEATURE_VOWIFI_11R
if (pNeighborRoamInfo->is11rAssoc)
{
diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c
index 2e498d870d5c..26bc906900b2 100644
--- a/CORE/SME/src/csr/csrUtil.c
+++ b/CORE/SME/src/csr/csrUtil.c
@@ -1939,7 +1939,11 @@ eCsrMediaAccessType csrGetQoSFromBssDesc( tHalHandle hHal, tSirBssDescription *p
{
eCsrMediaAccessType qosType = eCSR_MEDIUM_ACCESS_DCF;
- VOS_ASSERT( pIes != NULL );
+ if (NULL == pIes)
+ {
+ VOS_ASSERT( pIes != NULL );
+ return( qosType );
+ }
do
{
diff --git a/CORE/SME/src/p2p/p2p_Api.c b/CORE/SME/src/p2p/p2p_Api.c
index 5a65dd1cc361..601a005d0087 100644
--- a/CORE/SME/src/p2p/p2p_Api.c
+++ b/CORE/SME/src/p2p/p2p_Api.c
@@ -1540,6 +1540,7 @@ static eHalStatus p2pListenStateDiscoverableCallback(tHalHandle halHandle, void
if (!VOS_IS_STATUS_SUCCESS(status))
{
VOS_ASSERT(status);
+ return status;
}
}
else
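Review bot: The added `return status;` hands back the value that was tested with `VOS_IS_STATUS_SUCCESS`, while p2pListenStateDiscoverableCallback is declared to return `eHalStatus`. The declaration of `status` is outside the hunk, but if it is a VOS_STATUS the caller receives a value from the wrong enumeration and may misread it; `return eHAL_STATUS_FAILURE;` avoids that. The unchanged `VOS_ASSERT(status);` above it runs only when the status is not success, so the expression is presumably non-zero and the assert never fires; `VOS_ASSERT(0);` would match the other hunks in this commit.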
diff --git a/CORE/SME/src/pmc/pmc.c b/CORE/SME/src/pmc/pmc.c
index f1cba31cd8cd..fde38b8910f5 100644
--- a/CORE/SME/src/pmc/pmc.c
+++ b/CORE/SME/src/pmc/pmc.c
@@ -275,10 +275,18 @@ eHalStatus pmcEnterRequestFullPowerState (tHalHandle hHal, tRequestFullPowerReas
if ( pMac->pmc.rfSuppliesVotedOff )
{
status = vos_chipVoteOnRFSupply(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ if(VOS_STATUS_SUCCESS != status)
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
status = vos_chipVoteOnXOBuffer(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ if(VOS_STATUS_SUCCESS != status)
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
pMac->pmc.rfSuppliesVotedOff = FALSE;
}
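Review bot: When `vos_chipVoteOnRFSupply` succeeds and `vos_chipVoteOnXOBuffer` then fails, the second early return leaves `pMac->pmc.rfSuppliesVotedOff` unchanged although the RF supply vote has already been cast, so the flag no longer matches the votes actually held. The pmcEnterImpsState and pmcEnterStandbyState hunks have the mirror-image problem: the RF supply is voted off, the XO buffer vote fails, and the flag is never set to TRUE. Either undo the first vote before returning or update the flag to reflect the partial state. These functions continue outside the hunks, so whatever else the early return skips is not visible here and should be checked.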
@@ -484,10 +492,18 @@ eHalStatus pmcEnterImpsState (tHalHandle hHal)
//Vote off RF supplies. Note RF supllies are not voted off if there is a
//pending request for full power already
status = vos_chipVoteOffRFSupply(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ if (VOS_STATUS_SUCCESS != status )
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
status = vos_chipVoteOffXOBuffer(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ if (VOS_STATUS_SUCCESS != status)
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
pMac->pmc.rfSuppliesVotedOff= TRUE;
@@ -1493,10 +1509,20 @@ eHalStatus pmcEnterStandbyState (tHalHandle hHal)
//Note that RF supplies are not voted off if there is already a pending request
//for full power
status = vos_chipVoteOffRFSupply(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+
+ if (VOS_STATUS_SUCCESS != status)
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
status = vos_chipVoteOffXOBuffer(&callType, NULL, NULL);
- VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+
+ if (VOS_STATUS_SUCCESS != status)
+ {
+ VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) );
+ return eHAL_STATUS_FAILURE;
+ }
pMac->pmc.rfSuppliesVotedOff= TRUE;
@@ -1842,7 +1868,12 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac )
switch (pDeferredMsg->messageType)
{
case eWNI_PMC_WOWL_ADD_BCAST_PTRN:
- VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlAddBcastPtrn) );
+ if (pDeferredMsg->size != sizeof(tSirWowlAddBcastPtrn))
+ {
+ VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlAddBcastPtrn) );
+ return;
+ }
+
if (pmcSendMessage(pMac, eWNI_PMC_WOWL_ADD_BCAST_PTRN,
&pDeferredMsg->u.wowlAddPattern, sizeof(tSirWowlAddBcastPtrn))
!= eHAL_STATUS_SUCCESS)
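Review bot: The `return;` on a size mismatch exits pmcProcessDeferredMsg from inside the `switch`, so any per-message handling after the switch is skipped for this entry. The rest of the function is outside the hunk, but if `pDeferredMsg` is released there, or further deferred messages are processed there, this path leaks the entry and leaves the remaining messages unprocessed. Using `break;` instead would skip only the `pmcSendMessage` call for the malformed entry. The same applies to the eWNI_PMC_WOWL_DEL_BCAST_PTRN and eWNI_PMC_PWR_SAVE_CFG hunks that follow.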
@@ -1852,7 +1883,11 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac )
break;
case eWNI_PMC_WOWL_DEL_BCAST_PTRN:
- VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlDelBcastPtrn) );
+ if (pDeferredMsg->size != sizeof(tSirWowlDelBcastPtrn))
+ {
+ VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlDelBcastPtrn) );
+ return;
+ }
if (pmcSendMessage(pMac, eWNI_PMC_WOWL_DEL_BCAST_PTRN,
&pDeferredMsg->u.wowlDelPattern, sizeof(tSirWowlDelBcastPtrn))
!= eHAL_STATUS_SUCCESS)
@@ -1862,7 +1897,11 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac )
break;
case eWNI_PMC_PWR_SAVE_CFG:
- VOS_ASSERT( pDeferredMsg->size == sizeof(tSirPowerSaveCfg) );
+ if (pDeferredMsg->size != sizeof(tSirPowerSaveCfg))
+ {
+ VOS_ASSERT( pDeferredMsg->size == sizeof(tSirPowerSaveCfg) );
+ return;
+ }
if (pmcSendMessage(pMac, eWNI_PMC_PWR_SAVE_CFG,
&pDeferredMsg->u.powerSaveConfig, sizeof(tSirPowerSaveCfg))
!= eHAL_STATUS_SUCCESS)
@@ -2020,7 +2059,11 @@ eHalStatus pmcPrepareCommand( tpAniSirGlobal pMac, tANI_U32 sessionId,
eHalStatus status = eHAL_STATUS_RESOURCES;
tSmeCmd *pCommand = NULL;
- VOS_ASSERT( ppCmd );
+ if (NULL == ppCmd)
+ {
+ VOS_ASSERT( ppCmd );
+ return eHAL_STATUS_FAILURE;
+ }
do
{
pCommand = smeGetCommandBuffer( pMac );