diff options
| author | Masti, Narayanraddi <c_nmasti@qti.qualcomm.com> | 2016-05-19 18:00:34 +0530 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2016-05-25 19:08:24 +0530 |
| commit | d39cf92e69222e03f89238313f5b8c100ecd4ecc (patch) | |
| tree | 245917b0345eb7a1d1c2bd332c58628e6c518d96 | |
| parent | 93c041d58f722d4d826ceb1636e1bbe45d454409 (diff) | |
qcacld-2.0: Fix Unitialized heap and stack usage
1.Fix unitialized heap use in csrGetStatistics by initializing
pointer of struct type WLANTL_TRANSFER_STA_TYPE to zero.
2.Fix unitialized stack use in csrRoamReadTSF by initializing
variable of struct type tCsrNeighborRoamBSSInfo to zero.
Change-Id: I4211b41b5e30d414e45691a5bab4048587cc8499
CRs-Fixed: 1018486
| -rw-r--r-- | CORE/SME/src/csr/csrApiRoam.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c index b9983f066b0d..d875a3b65897 100644 --- a/CORE/SME/src/csr/csrApiRoam.c +++ b/CORE/SME/src/csr/csrApiRoam.c @@ -16993,6 +16993,8 @@ eHalStatus csrGetStatistics(tpAniSirGlobal pMac, eCsrStatsRequesterType requeste pTlStats = (WLANTL_TRANSFER_STA_TYPE *)vos_mem_malloc(sizeof(WLANTL_TRANSFER_STA_TYPE)); if (NULL != pTlStats) { + vos_mem_set(pTlStats, sizeof(*pTlStats), 0); + //req TL for class D stats if(WLANTL_GetStatistics(pMac->roam.gVosContext, pTlStats, staId)) { @@ -17054,6 +17056,8 @@ eHalStatus csrGetStatistics(tpAniSirGlobal pMac, eCsrStatsRequesterType requeste pTlStats = (WLANTL_TRANSFER_STA_TYPE *)vos_mem_malloc(sizeof(WLANTL_TRANSFER_STA_TYPE)); if (NULL != pTlStats) { + vos_mem_set(pTlStats, sizeof(*pTlStats), 0); + //req TL for class D stats if(!VOS_IS_STATUS_SUCCESS(WLANTL_GetStatistics(pMac->roam.gVosContext, pTlStats, staId))) { @@ -19277,10 +19281,11 @@ VOS_STATUS csrRoamReadTSF(tpAniSirGlobal pMac, tANI_U8 *pTimestamp, tANI_U8 sessionId) { eHalStatus status = eHAL_STATUS_SUCCESS; - tCsrNeighborRoamBSSInfo handoffNode; + tCsrNeighborRoamBSSInfo handoffNode = {{0}}; tANI_U32 timer_diff = 0; tANI_U32 timeStamp[2]; tpSirBssDescription pBssDescription = NULL; + csrNeighborRoamGetHandoffAPInfo(pMac, &handoffNode, sessionId); pBssDescription = handoffNode.pBssDescription; // Get the time diff in milli seconds |