summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSreelakshmi Konamki <skonam@codeaurora.org>2016-11-24 12:34:34 +0530
committerGerrit - the friendly Code Review server <code-review@localhost>2016-11-24 01:42:12 -0800
commitbcc380bef6c56e3bee4b2b2405fbe7a0fda8b8fe (patch)
tree121450d7952a8b084da801f9eb6c56a576048db5
parent69f27c8c729186e400fd82bd4c1ed569e457f865 (diff)
qcacld-2.0: Fix issues generated by static analysis tool
Changes includes 1) Unlock spin lock if memory alloc fails in wma_dfs_indicate_radar() 2) Return from csrRoamCheckForLinkStatusChange() if memory alloc fails 3) Validate session id with CSR_ROAM_SESSION_MAX in multiple functions before accessing 'neighborRoamInfo'. Change-Id: I78fa4d1884bc3180a76e52ac7bd0fdb8bd766c03 CRs-Fixed: 1093115
Diffstat
-rw-r--r--CORE/SERVICES/WMA/wma.c1
-rw-r--r--CORE/SME/src/csr/csrApiRoam.c5
-rw-r--r--CORE/SME/src/csr/csrNeighborRoam.c24
3 files changed, 21 insertions, 9 deletions
diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c
index 921c98c2c05b..b9a6947e357d 100644
--- a/CORE/SERVICES/WMA/wma.c
+++ b/CORE/SERVICES/WMA/wma.c
@@ -38046,6 +38046,7 @@ int wma_dfs_indicate_radar(struct ieee80211com *ic,
vos_mem_malloc(sizeof(*radar_event));
if (radar_event == NULL) {
WMA_LOGE(FL("Failed to allocate memory for radar_event"));
+ adf_os_spin_unlock_bh(&ic->chan_lock);
return -ENOMEM;
}
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index af3b72c0a265..9af4b1e81bf8 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -11098,6 +11098,11 @@ void csrRoamCheckForLinkStatusChange( tpAniSirGlobal pMac, tSirSmeRsp *pSirMsg )
{
tpSirSetActiveModeSetBncFilterReq pMsg;
pMsg = vos_mem_malloc(sizeof(tSirSetActiveModeSetBncFilterReq));
+ if (!pMsg) {
+ smsLog(pMac, LOGE,
+ FL("Failed to allocate memory"));
+ return;
+ }
pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_SET_BCN_FILTER_REQ);
pMsg->length = pal_cpu_to_be16(sizeof(
tSirSetActiveModeSetBncFilterReq));
diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c
index 486b74224838..04bedb75a1ad 100644
--- a/CORE/SME/src/csr/csrNeighborRoam.c
+++ b/CORE/SME/src/csr/csrNeighborRoam.c
@@ -3412,9 +3412,11 @@ void csrNeighborRoamNeighborScanTimerCallback(void *pv)
VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null"));
return;
}
- if (CSR_SESSION_ID_INVALID == sessionId)
- {
- VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId"));
+ if ((CSR_SESSION_ID_INVALID == sessionId) ||
+ (CSR_ROAM_SESSION_MAX <= sessionId)) {
+ smsLog(pMac, LOGE,
+ FL("Invalid sessionId/Reached maximum no.of sessions %d"),
+ sessionId);
return;
}
@@ -3471,9 +3473,11 @@ void csrNeighborRoamEmptyScanRefreshTimerCallback(void *context)
VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null"));
return;
}
- if (CSR_SESSION_ID_INVALID == sessionId)
- {
- VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId"));
+ if ((CSR_SESSION_ID_INVALID == sessionId) ||
+ (CSR_ROAM_SESSION_MAX <= sessionId)) {
+ smsLog(pMac, LOGE,
+ FL("Invalid sessionId/Reached maximum no.of sessions %d"),
+ sessionId);
return;
}
pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId];
@@ -3537,9 +3541,11 @@ void csrNeighborRoamResultsRefreshTimerCallback(void *context)
VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null"));
return;
}
- if (CSR_SESSION_ID_INVALID == sessionId)
- {
- VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId"));
+ if ((CSR_SESSION_ID_INVALID == sessionId) ||
+ (CSR_ROAM_SESSION_MAX <= sessionId)) {
+ smsLog(pMac, LOGE,
+ FL("Invalid sessionId/Reached maximum no.of sessions %d"),
+ sessionId);
return;
}
pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId];
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-24 00:10:00 +0000