diff options
| author | Pragaspathi Thilagaraj <tpragasp@codeaurora.org> | 2018-07-20 01:51:41 +0530 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2018-07-24 01:00:11 -0700 |
| commit | 92d208a79ed4ef6d7f4cb490aa861a89c097d8f7 (patch) | |
| tree | ae2bf047e8145a638f7319d8aa8f8cf7d4d4cec4 /tools/perf/scripts/python | |
| parent | 3e372778766dabb5d22132c85dba1a616fcaa759 (diff) | |
qcacld-3.0: Fix mem leak in wma_roam_synch_frame_event_handler
The function wma_roam_synch_frame_event_handler, memory is
allocated for iface->roam_synch_frame_ind.bcn_probe_rsp,
iface->roam_synch_frame_ind.bcn_reassoc_req,
iface->roam_synch_frame_ind.bcn_reassoc_rsp when the wmi event
WMI_ROAM_SYNCH_FRAME_EVENT is received. This event is followed
by a WMI_ROAM_SYNCH_EVENT from the firmware where the host
copies the bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp to
the structure roam_synch_ind_ptr and frees the allocated memory.
In this flow memory leak can happen in following cases:
1. Firmware sends multiple cascade of WMI_ROAM_SYNCH_FRAME_EVENT
the host allocates bcn_reassoc_req, bcn_reassoc_rsp and
bcn_probe_rsp with out freeing the previous instance.
2. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT with either
bcn_reassoc_req or bcn_reassoc_req or bcn_probe_rsp NULL or all
the three are NULL.
3. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT having
bcn_reassoc_req bcn_reassoc_req and bcn_probe_rsp. Then it sends
the WMI_ROAM_SYNCH_EVENT with non zero bcn_reassoc_req_len or
bcn_reassoc_rsp_len or bcn_probe_rsp length.
4. Host doesn't free the allocated memory in
wma_roam_synch_frame_event_handler during failure cases.
Check if received iface->roam_synch_frame_ind has non NULL
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp and free the
same before allocating new memory. Also free the allocated
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp in failure
return cases.
Change-Id: I2b76769d09fd61929f7837cb8661d778cd2f881a
CRs-Fixed: 2282413
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions