authorMingcheng Zhu <mingchen@qca.qualcomm.com>2014-01-16 09:51:14 -0800
committerPrakash Dhavali <pdhavali@qca.qualcomm.com>2014-01-26 21:36:59 -0800
commitd5483052328fda56fa0939896a71dc76a7f74e2f (patch)
treef5c998a734a14298210c7fb170b280772c56e6db
parent79eed0c34868a342245e99cfd9eae8ef232ed015 (diff)
wlan: Fix static analysis issue in HDD files
Fix static analysis issue in HDD files CRs-Fixed: 601529 Change-Id: I7d7e7f1aada87bf296b5a0e7d44f439acec08c41
-rw-r--r--CORE/HDD/inc/wlan_hdd_wowl.h2
-rw-r--r--CORE/HDD/src/wlan_hdd_main.c37
-rw-r--r--CORE/HDD/src/wlan_hdd_tx_rx.c4
-rw-r--r--CORE/HDD/src/wlan_hdd_wext.c98
-rw-r--r--CORE/HDD/src/wlan_hdd_wmm.c12
-rw-r--r--CORE/HDD/src/wlan_hdd_wowl.c19
-rw-r--r--CORE/SME/src/pmc/pmcApi.c18
7 files changed, 125 insertions, 65 deletions
diff --git a/CORE/HDD/inc/wlan_hdd_wowl.h b/CORE/HDD/inc/wlan_hdd_wowl.h
index 96913b5b50ee..085bfd114c02 100644
--- a/CORE/HDD/inc/wlan_hdd_wowl.h
+++ b/CORE/HDD/inc/wlan_hdd_wowl.h
@@ -108,7 +108,7 @@
* -------------------------------------------------------------------------*/
#ifdef QCA_WIFI_2_0
#define WOWL_PTRN_MAX_SIZE 148
-#define WOWL_PTRN_MASK_MAX_SIZE 19
+#define WOWL_PTRN_MASK_MAX_SIZE 16
#define WOWL_MAX_PTRNS_ALLOWED 22
#else
#define WOWL_PTRN_MAX_SIZE 128
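Review bot: In the QCA_WIFI_2_0 branch `WOWL_PTRN_MASK_MAX_SIZE` drops to 16 while `WOWL_PTRN_MAX_SIZE` stays at 148, and nothing in the header says which buffer the new value is tied to. With one mask bit per pattern byte (as the comment in the pmcApi.c hunk of this commit states), 16 mask bytes cover only 128 pattern bytes, so the two limits no longer describe the same pattern. Presumably 16 matches the mask array in the SIR pattern message; if so, say that in a comment next to the define, for example `/* bounded by the ucPatternMask array in the SIR WoWL pattern message */`, or define the macro from that constant.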
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 9da3013bc348..8a024490ff33 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -6558,24 +6558,30 @@ void hdd_deinit_adapter( hdd_context_t *pHddCtx, hdd_adapter_t *pAdapter )
void hdd_cleanup_adapter( hdd_context_t *pHddCtx, hdd_adapter_t *pAdapter, tANI_U8 rtnl_held )
{
- struct net_device *pWlanDev = pAdapter->dev;
+ struct net_device *pWlanDev = NULL;
#ifdef FEATURE_WLAN_BATCH_SCAN
- tHddBatchScanRsp *pNode;
- tHddBatchScanRsp *pPrev;
- if (pAdapter)
+ tHddBatchScanRsp *pNode;
+ tHddBatchScanRsp *pPrev;
+ if (pAdapter)
+ {
+ pNode = pAdapter->pBatchScanRsp;
+ while (pNode)
{
- pNode = pAdapter->pBatchScanRsp;
- while (pNode)
- {
- pPrev = pNode;
- pNode = pNode->pNext;
- vos_mem_free((v_VOID_t * )pPrev);
- }
- pAdapter->pBatchScanRsp = NULL;
+ pPrev = pNode;
+ pNode = pNode->pNext;
+ vos_mem_free((v_VOID_t * )pPrev);
}
+ pAdapter->pBatchScanRsp = NULL;
+ }
#endif
-
+ if (pAdapter)
+ pWlanDev = pAdapter->dev;
+ else {
+ VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is Null", __func__);
+ return;
+ }
if(test_bit(NET_DEVICE_REGISTERED, &pAdapter->event_flags)) {
if( rtnl_held )
{
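Review bot: The error path added for a NULL pAdapter logs `"%s: HDD context is Null"`, but the pointer being tested is the adapter, not pHddCtx, so the trace points the reader at the wrong object; it should read `"%s: pAdapter is NULL"`. The check would also be clearer as a guard at the top of the function, before the FEATURE_WLAN_BATCH_SCAN block, which then no longer needs its own `if (pAdapter)`. hdd_cleanup_adapter continues past the end of this hunk.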
@@ -8063,7 +8069,7 @@ void hdd_wlan_exit(hdd_context_t *pHddCtx)
v_CONTEXT_t pVosContext = pHddCtx->pvosContext;
VOS_STATUS vosStatus;
struct wiphy *wiphy = pHddCtx->wiphy;
- hdd_adapter_t* pAdapter;
+ hdd_adapter_t* pAdapter = NULL;
struct fullPowerContext powerContext;
long lrc;
#if defined (QCA_WIFI_2_0) && \
@@ -8573,6 +8579,9 @@ void hdd_exchange_version_and_caps(hdd_context_t *pHddCtx)
tANI_U8 fwFeatCapsMsgSupported = 0;
VOS_STATUS vstatus;
+ memset(&versionCompiled, 0, sizeof(versionCompiled));
+ memset(&versionReported, 0, sizeof(versionReported));
+
/* retrieve and display WCNSS version information */
do {
diff --git a/CORE/HDD/src/wlan_hdd_tx_rx.c b/CORE/HDD/src/wlan_hdd_tx_rx.c
index f9fcd0a9b4c9..ae555b150314 100644
--- a/CORE/HDD/src/wlan_hdd_tx_rx.c
+++ b/CORE/HDD/src/wlan_hdd_tx_rx.c
@@ -1148,7 +1148,7 @@ v_BOOL_t hdd_IsEAPOLPacket( vos_pkt_t *pVosPacket )
&pBuffer, HDD_ETHERTYPE_802_1_X_SIZE );
if (VOS_IS_STATUS_SUCCESS( vosStatus ) )
{
- if ( vos_be16_to_cpu( *(unsigned short*)pBuffer ) == HDD_ETHERTYPE_802_1_X )
+ if (pBuffer && vos_be16_to_cpu( *(unsigned short*)pBuffer) == HDD_ETHERTYPE_802_1_X )
{
fEAPOL = VOS_TRUE;
}
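Review bot: A NULL pBuffer after a successful status now falls through silently on the added `if (pBuffer && ...)` line, and the frame is reported as not EAPOL. That state is unexpected, and misclassifying an 802.1X frame is worth a trace: I would add an `else if (!pBuffer)` branch that logs at error level, or fold the NULL test into the status check above it. The same applies to the matching change in hdd_IsWAIPacket in the next hunk. Both function bodies extend beyond their hunks.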
@@ -1179,7 +1179,7 @@ v_BOOL_t hdd_IsWAIPacket( vos_pkt_t *pVosPacket )
if (VOS_IS_STATUS_SUCCESS( vosStatus ) )
{
- if ( vos_be16_to_cpu( *(unsigned short*)pBuffer ) == HDD_ETHERTYPE_WAI)
+ if (pBuffer && vos_be16_to_cpu( *((unsigned short*)pBuffer)) == HDD_ETHERTYPE_WAI)
{
fIsWAI = VOS_TRUE;
}
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 4e75c9206a82..324405e0ee8e 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -4815,7 +4815,7 @@ static int iw_setint_getnone(struct net_device *dev, struct iw_request_info *inf
case WE_SET_CHWIDTH:
{
- bool chwidth;
+ bool chwidth = false;
hdd_context_t *phddctx = WLAN_HDD_GET_CTX(pAdapter);
/*updating channel bonding only on 5Ghz*/
hddLog(LOG1, "WMI_VDEV_PARAM_CHWIDTH val %d", set_value);
@@ -6162,7 +6162,17 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
int sub_cmd = wrqu->data.flags;
#ifdef WLAN_FEATURE_11W
- hdd_wext_state_t *pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+ hdd_wext_state_t *pWextState;
+#endif
+
+ if (pAdapter == NULL)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: pAdapter is NULL!", __func__);
+ return -EINVAL;
+ }
+#ifdef WLAN_FEATURE_11W
+ pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
#endif
if (NULL == WLAN_HDD_GET_CTX(pAdapter))
@@ -6296,9 +6306,9 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
int count = 0, check = 1;
tANI_U16 tlState;
- tHalHandle hHal;
- tpAniSirGlobal pMac;
- hdd_station_ctx_t *pHddStaCtx;
+ tHalHandle hHal = NULL;
+ tpAniSirGlobal pMac = NULL;
+ hdd_station_ctx_t *pHddStaCtx = NULL;
hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX( pAdapter );
hdd_adapter_t *useAdapter = NULL;
@@ -6342,7 +6352,19 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
}
hHal = WLAN_HDD_GET_HAL_CTX( useAdapter );
+ if (!hHal) {
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
+ "\n pMac is NULL");
+ len += buf;
+ break;
+ }
pMac = PMAC_STRUCT( hHal );
+ if (!pMac) {
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
+ "\n pMac is NULL");
+ len += buf;
+ break;
+ }
pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR( useAdapter );
if( !pHddStaCtx )
{
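Review bot: The new `if (!hHal)` branch writes `"\n pMac is NULL"` into the output, the same string as the `if (!pMac)` branch just below it, so the two failures cannot be told apart in the returned text. The first message should be `"\n hHal is NULL"`. The enclosing case in iw_get_char_setnone begins and ends outside this hunk.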
@@ -6376,36 +6398,38 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
adapter_num++;
}
- /* Printing Lim State starting with global lim states */
- buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
- "\n \n LIM STATES:-"
- "\n Global Sme State - %s "\
- "\n Global mlm State - %s "\
- "\n",
- macTraceGetLimSmeState(pMac->lim.gLimSmeState),
- macTraceGetLimMlmState(pMac->lim.gLimMlmState)
- );
- len += buf;
-
- /*printing the PE Sme and Mlm states for valid lim sessions*/
- while ( check < 3 && count < 255)
- {
- if ( pMac->lim.gpSession[count].valid )
+ if (pMac) {
+ /* Printing Lim State starting with global lim states */
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
+ "\n \n LIM STATES:-"
+ "\n Global Sme State - %s "\
+ "\n Global mlm State - %s "\
+ "\n",
+ macTraceGetLimSmeState(pMac->lim.gLimSmeState),
+ macTraceGetLimMlmState(pMac->lim.gLimMlmState)
+ );
+ len += buf;
+
+ /*printing the PE Sme and Mlm states for valid lim sessions*/
+ while ( check < 3 && count < 255)
{
- buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
- "\n Lim Valid Session %d:-"
- "\n PE Sme State - %s "
- "\n PE Mlm State - %s "
- "\n",
- check,
- macTraceGetLimSmeState(pMac->lim.gpSession[count].limSmeState),
- macTraceGetLimMlmState(pMac->lim.gpSession[count].limMlmState)
- );
+ if ( pMac->lim.gpSession[count].valid )
+ {
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
+ "\n Lim Valid Session %d:-"
+ "\n PE Sme State - %s "
+ "\n PE Mlm State - %s "
+ "\n",
+ check,
+ macTraceGetLimSmeState(pMac->lim.gpSession[count].limSmeState),
+ macTraceGetLimMlmState(pMac->lim.gpSession[count].limMlmState)
+ );
- len += buf;
- check++;
+ len += buf;
+ check++;
+ }
+ count++;
}
- count++;
}
wrqu->data.length = strlen(extra)+1;
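Review bot: The session loop now nested under `if (pMac)` is still bounded by the literals in `while ( check < 3 && count < 255)`, so `pMac->lim.gpSession[count]` can be indexed up to 254 regardless of how many sessions were allocated. The size of gpSession is not visible in this hunk; if it is smaller than 255, this is an out-of-bounds read on a path that formats driver state into `extra` for the caller. I would bound `count` by the value that sized the session table rather than by 255, and give the `3` a named constant with a comment saying why only that many valid sessions are printed. The enclosing case starts outside this hunk.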
@@ -6476,6 +6500,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
tChannelListInfo channel_list;
+ memset(&channel_list, 0, sizeof(channel_list));
status = iw_softap_get_channel_list(dev, info, wrqu, (char *)&channel_list);
if ( !VOS_IS_STATUS_SUCCESS( status ) )
{
@@ -6483,7 +6508,6 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
return -EINVAL;
}
buf = extra;
-
/**
* Maximum channels = WNI_CFG_VALID_CHANNEL_LIST_LEN. Maximum buffer
* needed = 5 * number of channels. Check ifsufficient
@@ -8198,9 +8222,9 @@ void wlan_hdd_set_mc_addr_list(hdd_adapter_t *pAdapter, v_U8_t set)
pAdapter->mc_addr_list.mc_cnt;
for (i = 0; i < pAdapter->mc_addr_list.mc_cnt; i++)
{
- memcpy(&(pMulticastAddrs->multicastAddr[i][0]),
- &(pAdapter->mc_addr_list.addr[i][0]),
- sizeof(pAdapter->mc_addr_list.addr[i]));
+ memcpy(pMulticastAddrs->multicastAddr[i],
+ pAdapter->mc_addr_list.addr[i],
+ sizeof(pAdapter->mc_addr_list.addr[i]));
hddLog(VOS_TRACE_LEVEL_INFO,
"%s: %s multicast filter: addr ="
MAC_ADDRESS_STR,
@@ -8677,7 +8701,6 @@ VOS_STATUS iw_set_pno(struct net_device *dev, struct iw_request_info *info,
/*Advance to rssi Threshold*/
ptr += nOffset;
-
if (1 != sscanf(ptr,"%d %n",
&(pnoRequest.aNetworks[i].rssiThreshold),
&nOffset))
@@ -8686,7 +8709,6 @@ VOS_STATUS iw_set_pno(struct net_device *dev, struct iw_request_info *info,
"PNO rssi threshold input is not valid %s",ptr);
return VOS_STATUS_E_FAILURE;
}
-
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
"PNO rssi %d offset %d",
pnoRequest.aNetworks[i].rssiThreshold,
diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c
index 9f6f6209be98..ff89b162d986 100644
--- a/CORE/HDD/src/wlan_hdd_wmm.c
+++ b/CORE/HDD/src/wlan_hdd_wmm.c
@@ -88,7 +88,7 @@
#define DHCP_DESTINATION_PORT 0x4300
static sme_QosWmmUpType hddWmmDscpToUpMap[WLAN_HDD_MAX_DSCP+1];
-
+#define HDD_WMM_UP_TO_AC_MAP_SIZE 8
const v_U8_t hddWmmUpToAcMap[] = {
WLANTL_AC_BE,
WLANTL_AC_BK,
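Review bot: `HDD_WMM_UP_TO_AC_MAP_SIZE` is defined as a bare `8` next to `hddWmmUpToAcMap[]`, whose length is still taken from its initializer list, so the bounds check added in hdd_wmm_addts (next hunk) is correct only while the two happen to agree. Declaring the table as `const v_U8_t hddWmmUpToAcMap[HDD_WMM_UP_TO_AC_MAP_SIZE] = {` ties them together and makes an over-long initializer a compile error. The initializer continues outside this hunk, so the entry count cannot be confirmed here. In the next hunk the comment `// we assume the tspec has already been validated by the caller` is also stale once the range check is added beneath it.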
@@ -2489,7 +2489,15 @@ hdd_wlan_wmm_status_e hdd_wmm_addts( hdd_adapter_t* pAdapter,
// we assume the tspec has already been validated by the caller
pQosContext->handle = handle;
- pQosContext->acType = hddWmmUpToAcMap[pTspec->ts_info.up];
+ if (pTspec->ts_info.up < HDD_WMM_UP_TO_AC_MAP_SIZE)
+ pQosContext->acType = hddWmmUpToAcMap[pTspec->ts_info.up];
+ else {
+ VOS_TRACE(VOS_MODULE_ID_HDD, WMM_TRACE_LEVEL_ERROR,
+ "%s: ts_info.up (%d) larger than max value (%d), use default acType (%d)",
+ __func__, pTspec->ts_info.up,
+ HDD_WMM_UP_TO_AC_MAP_SIZE - 1, hddWmmUpToAcMap[0]);
+ pQosContext->acType = hddWmmUpToAcMap[0];
+ }
pQosContext->pAdapter = pAdapter;
pQosContext->qosFlowId = 0;
pQosContext->magic = HDD_WMM_CTX_MAGIC;
diff --git a/CORE/HDD/src/wlan_hdd_wowl.c b/CORE/HDD/src/wlan_hdd_wowl.c
index 3ea7f4060bf6..0775f4523c0f 100644
--- a/CORE/HDD/src/wlan_hdd_wowl.c
+++ b/CORE/HDD/src/wlan_hdd_wowl.c
@@ -101,7 +101,7 @@ static void dump_hdd_wowl_ptrn(tSirWowlAddBcastPtrn *ptrn)
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: ucPatternMaskSize = 0x%x", __func__,
ptrn->ucPatternMaskSize);
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: Pattern: ", __func__);
- for(i = 0; i<ptrn->ucPatternSize; i++)
+ for(i = 0; i < ptrn->ucPatternSize; i++)
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO," %02X", ptrn->ucPattern[i]);
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: PatternMask: ", __func__);
for(i = 0; i<ptrn->ucPatternMaskSize; i++)
@@ -186,7 +186,7 @@ v_BOOL_t hdd_add_wowl_ptrn (hdd_adapter_t *pAdapter, const char * ptrn)
localPattern.ucPatternMaskSize =
( hdd_parse_hex( ptrn[3] ) * 0x10 ) + hdd_parse_hex( ptrn[4] );
- if(localPattern.ucPatternSize > WOWL_PTRN_MAX_SIZE ||
+ if(localPattern.ucPatternSize > SIR_WOWL_BCAST_PATTERN_MAX_SIZE ||
localPattern.ucPatternMaskSize > WOWL_PTRN_MASK_MAX_SIZE)
{
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
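Review bot: The size check now compares `ucPatternSize` against `SIR_WOWL_BCAST_PATTERN_MAX_SIZE` but `ucPatternMaskSize` against the HDD-local `WOWL_PTRN_MASK_MAX_SIZE`, so the two bounds come from different headers and only one is visibly tied to the destination struct. Assuming localPattern is a tSirWowlAddBcastPtrn with byte-array members as used in dump_hdd_wowl_ptrn, bounding by the arrays themselves stays correct if either constant changes: `if (localPattern.ucPatternSize > sizeof(localPattern.ucPattern) || localPattern.ucPatternMaskSize > sizeof(localPattern.ucPatternMask))`. The same applies to the two checks added in hdd_add_wowl_ptrn_debugfs in the following hunks. hdd_add_wowl_ptrn begins and ends outside this hunk.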
@@ -384,7 +384,13 @@ v_BOOL_t hdd_add_wowl_ptrn_debugfs(hdd_adapter_t *pAdapter, v_U8_t pattern_idx,
localPattern.ucPatternId = pattern_idx;
localPattern.ucPatternByteOffset = pattern_offset;
localPattern.ucPatternSize = pattern_len;
-
+ if (localPattern.ucPatternSize > SIR_WOWL_BCAST_PATTERN_MAX_SIZE) {
+ VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: WoW pattern size (%d) greater than max (%d)",
+ __func__, localPattern.ucPatternSize,
+ SIR_WOWL_BCAST_PATTERN_MAX_SIZE);
+ return VOS_FALSE;
+ }
/* Extract the pattern */
for (i = 0; i < localPattern.ucPatternSize; i++)
{
@@ -408,7 +414,12 @@ v_BOOL_t hdd_add_wowl_ptrn_debugfs(hdd_adapter_t *pAdapter, v_U8_t pattern_idx,
return VOS_FALSE;
}
-
+ if (localPattern.ucPatternMaskSize > WOWL_PTRN_MASK_MAX_SIZE) {
+ VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: WoW pattern mask size (%d) greater than max (%d)",
+ __func__, localPattern.ucPatternMaskSize, WOWL_PTRN_MASK_MAX_SIZE);
+ return VOS_FALSE;
+ }
/* Extract the pattern mask */
for (i = 0; i < localPattern.ucPatternMaskSize; i++)
{
diff --git a/CORE/SME/src/pmc/pmcApi.c b/CORE/SME/src/pmc/pmcApi.c
index 988853d00a1c..0855e9ddcc1b 100644
--- a/CORE/SME/src/pmc/pmcApi.c
+++ b/CORE/SME/src/pmc/pmcApi.c
@@ -2163,14 +2163,18 @@ eHalStatus pmcWowlAddBcastPattern (
{
log_ptr->pattern_id = pattern->ucPatternId;
log_ptr->pattern_byte_offset = pattern->ucPatternByteOffset;
- log_ptr->pattern_size = pattern->ucPatternSize;
- log_ptr->pattern_mask_size = pattern->ucPatternMaskSize;
+ log_ptr->pattern_size =
+ (pattern->ucPatternSize <= VOS_LOG_MAX_WOW_PTRN_SIZE) ?
+ pattern->ucPatternSize : VOS_LOG_MAX_WOW_PTRN_SIZE;
+ log_ptr->pattern_mask_size =
+ (pattern->ucPatternMaskSize <= VOS_LOG_MAX_WOW_PTRN_MASK_SIZE) ?
+ pattern->ucPatternMaskSize : VOS_LOG_MAX_WOW_PTRN_MASK_SIZE;
vos_mem_copy(log_ptr->pattern, pattern->ucPattern,
- pattern->ucPatternSize);
+ log_ptr->pattern_size);
/* 1 bit in the pattern mask denotes 1 byte of pattern. */
vos_mem_copy(log_ptr->pattern_mask, pattern->ucPatternMask,
- pattern->ucPatternMaskSize);
+ log_ptr->pattern_mask_size);
}
//The same macro frees the memory.
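Review bot: The clamp on `log_ptr->pattern_size` and `log_ptr->pattern_mask_size` means the log record can now report a smaller size than the pattern actually being configured, and nothing marks that truncation. A short comment above the assignments, e.g. `/* log record is capped at VOS_LOG_MAX_WOW_PTRN_SIZE / VOS_LOG_MAX_WOW_PTRN_MASK_SIZE; longer patterns are truncated in the log only */`, would keep a reader of the logs from taking the logged length as the real one. pmcWowlAddBcastPattern continues outside this hunk.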
@@ -2938,6 +2942,12 @@ eHalStatus pmcSetPreferredNetworkList
*((v_U32_t *) &pRequest->aNetworks[1].ssId.ssId[24]),
*((v_U32_t *) &pRequest->aNetworks[1].ssId.ssId[28]));
+ if (!pSession)
+ {
+ VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR,
+ "%s: pSessionis NULL", __func__);
+ return eHAL_STATUS_FAILURE;
+ }
pRequestBuf = vos_mem_malloc(sizeof(tSirPNOScanReq));
if (NULL == pRequestBuf)