From a15a105d2a13a8a4e72dddb5444626ecd4e91d8a Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Sat, 28 Feb 2015 12:05:44 -0800
Subject: qcacld-2.0: Fix Crash in csrProcessScanCommand

This is prima to qcacld-2.0 propagation.

While moving smeConfig to heap from stack in hdd_set_sme_config memzero
passed with wrong arguments (passed pointer instead of primitive type)
which lead to remain garbage into the fscantwice ini value.

Change-Id: I9a95157154b65c30d91182d25529c3e6e45a79f1
CRs-Fixed: 801545
---
 CORE/SME/src/csr/csrApiScan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c
index 42f2558f603c..e76c6311cdad 100644
--- a/CORE/SME/src/csr/csrApiScan.c
+++ b/CORE/SME/src/csr/csrApiScan.c
@@ -5913,8 +5913,8 @@ eHalStatus csrProcessScanCommand( tpAniSirGlobal pMac, tSmeCmd *pCommand )
                (NULL != pCommand->u.scanCmd.u.scanRequest.ChannelInfo.ChannelList))
             {
                 len = pCommand->u.scanCmd.u.scanRequest.ChannelInfo.numOfChannels;
-                //allocate twice the channel
-                newChannelInfo.ChannelList = (tANI_U8 *)vos_mem_malloc(newChannelInfo.numOfChannels * 2);
+                /* Allocate twice the channel */
+                newChannelInfo.ChannelList = vos_mem_malloc(len * 2);
                 pChannel = pCommand->u.scanCmd.u.scanRequest.ChannelInfo.ChannelList;
             }
             else
-- 
cgit v1.2.3