탐색 도움말
로그인
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

qcacld-3.0: Fix possible memory leak

Free Dynamic allocated memory in following scenarios:
1. In __lim_ext_scan_forward_bcn_probe_rsp()
Free dynamic allocated memory for result in failure case

2. In sme_oem_data_req()
Free dynamic allocated memory for oem_data_req in failure case.

3. In sme_notify_ht2040_mode()
Free dynamic allocated memory for pHtOpMode in default case.

4. In sme_send_rate_update_ind()
Free dynamic allocated memory for rate_upd if mutex acquire
fails.

5. In sme_txpower_limit()
Free dynamic allocated memory tx_power_limit rate_upd if mutex
acquire fails.

Change-Id: I5deccb5ac10f69ad00ea860f43c821ee7e90c71e
CRs-Fixed: 2465786
Abhinav Kumar 6 년 전
부모
c218b38a16
커밋
009f69fb6a
2개의 변경된 파일43개의 추가작업 그리고 40개의 파일을 삭제
분할 보기 변경상태 보기
  1. 3 2
      core/mac/src/pe/lim/lim_process_message_queue.c
  2. 40 38
      core/sme/src/common/sme_api.c

+ 3 - 2
core/mac/src/pe/lim/lim_process_message_queue.c
파일 보기 

@@ -693,9 +693,10 @@ __lim_ext_scan_forward_bcn_probe_rsp(struct mac_context *pmac, uint8_t *rx_pkt_i
 
 
 	frame_len = sizeof(*bssdescr) + ie_len - sizeof(bssdescr->ieFields[1]);
 
 	bssdescr = qdf_mem_malloc(frame_len);
 
-
 
-	if (!bssdescr)
 
+	if (!bssdescr) {
 
+		qdf_mem_free(result);
 
 		return;
 
+	}
 
 
 	qdf_mem_zero(bssdescr, frame_len);

+ 40 - 38
core/sme/src/common/sme_api.c
파일 보기 

@@ -3949,8 +3949,10 @@ QDF_STATUS sme_oem_data_req(mac_handle_t mac_handle,
 
 
 	oem_data_req->data_len = hdd_oem_req->data_len;
 
 	oem_data_req->data = qdf_mem_malloc(oem_data_req->data_len);
 
-	if (!oem_data_req->data)
 
+	if (!oem_data_req->data) {
 
+		qdf_mem_free(oem_data_req);
 
 		return QDF_STATUS_E_NOMEM;
 
+	}
 
 
 	qdf_mem_copy(oem_data_req->data, hdd_oem_req->data,
 
 		     oem_data_req->data_len);
 
@@ -8042,6 +8044,7 @@ QDF_STATUS sme_notify_ht2040_mode(mac_handle_t mac_handle, uint16_t staId,
 
 	default:
 
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 
 			  "%s: Invalid OP mode", __func__);
 
+		qdf_mem_free(pHtOpMode);
 
 		return QDF_STATUS_E_FAILURE;
 
 	}
 
 
@@ -8459,29 +8462,28 @@ QDF_STATUS sme_send_rate_update_ind(mac_handle_t mac_handle,
 
 			TX_RATE_HT20 | TX_RATE_SGI;
 
 
 	status = sme_acquire_global_lock(&mac->sme);
 
-	if (QDF_STATUS_SUCCESS == status) {
 
-		msg.type = WMA_RATE_UPDATE_IND;
 
-		msg.bodyptr = rate_upd;
 
-		MTRACE(qdf_trace(QDF_MODULE_ID_SME, TRACE_CODE_SME_TX_WMA_MSG,
 
-				 NO_SESSION, msg.type));
 
-		if (!QDF_IS_STATUS_SUCCESS
 
-			    (scheduler_post_message(QDF_MODULE_ID_SME,
 
-						    QDF_MODULE_ID_WMA,
 
-						    QDF_MODULE_ID_WMA,
 
-						    &msg))) {
 
-			QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 
-				  "%s: Not able to post WMA_RATE_UPDATE_IND to WMA!",
 
-				  __func__);
 
+	if (QDF_IS_STATUS_ERROR(status)) {
 
+		qdf_mem_free(rate_upd);
 
+		return status;
 
+	}
 
 
-			sme_release_global_lock(&mac->sme);
 
-			qdf_mem_free(rate_upd);
 
-			return QDF_STATUS_E_FAILURE;
 
-		}
 
+	msg.type = WMA_RATE_UPDATE_IND;
 
+	msg.bodyptr = rate_upd;
 
+	MTRACE(qdf_trace(QDF_MODULE_ID_SME, TRACE_CODE_SME_TX_WMA_MSG,
 
+			 NO_SESSION, msg.type));
 
 
-		sme_release_global_lock(&mac->sme);
 
-		return QDF_STATUS_SUCCESS;
 
+	status = scheduler_post_message(QDF_MODULE_ID_SME, QDF_MODULE_ID_WMA,
 
+					QDF_MODULE_ID_WMA, &msg);
 
+	if (QDF_IS_STATUS_ERROR(status)) {
 
+		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 
+			  "%s: Not able to post WMA_RATE_UPDATE_IND to WMA!",
 
+			  __func__);
 
+		qdf_mem_free(rate_upd);
 
+		status = QDF_STATUS_E_FAILURE;
 
 	}
 
 
+	sme_release_global_lock(&mac->sme);
 
+
 
 	return status;
 
 }
 
 
@@ -9111,8 +9113,7 @@ QDF_STATUS sme_set_thermal_level(mac_handle_t mac_handle, uint8_t level)
 
 QDF_STATUS sme_txpower_limit(mac_handle_t mac_handle,
 
 			     struct tx_power_limit *psmetx)
 
 {
 
-	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
-	QDF_STATUS qdf_status = QDF_STATUS_SUCCESS;
 
+	QDF_STATUS status;
 
 	struct scheduler_msg message = {0};
 
 	struct mac_context *mac = MAC_CONTEXT(mac_handle);
 
 	struct tx_power_limit *tx_power_limit;
 
@@ -9124,24 +9125,25 @@ QDF_STATUS sme_txpower_limit(mac_handle_t mac_handle,
 
 	*tx_power_limit = *psmetx;
 
 
 	status = sme_acquire_global_lock(&mac->sme);
 
-	if (QDF_IS_STATUS_SUCCESS(status)) {
 
-		message.type = WMA_TX_POWER_LIMIT;
 
-		message.reserved = 0;
 
-		message.bodyptr = tx_power_limit;
 
+	if (QDF_IS_STATUS_ERROR(status)) {
 
+		qdf_mem_free(tx_power_limit);
 
+		return status;
 
+	}
 
 
-		qdf_status = scheduler_post_message(QDF_MODULE_ID_SME,
 
-						    QDF_MODULE_ID_WMA,
 
-						    QDF_MODULE_ID_WMA,
 
-						    &message);
 
-		if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 
-			QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 
-				  "%s: not able to post WMA_TX_POWER_LIMIT",
 
-				  __func__);
 
-			status = QDF_STATUS_E_FAILURE;
 
-			qdf_mem_free(tx_power_limit);
 
-		}
 
-		sme_release_global_lock(&mac->sme);
 
+	message.type = WMA_TX_POWER_LIMIT;
 
+	message.bodyptr = tx_power_limit;
 
+	status = scheduler_post_message(QDF_MODULE_ID_SME, QDF_MODULE_ID_WMA,
 
+					QDF_MODULE_ID_WMA, &message);
 
+	if (QDF_IS_STATUS_ERROR(status)) {
 
+		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 
+			  "%s: not able to post WMA_TX_POWER_LIMIT",
 
+			  __func__);
 
+		status = QDF_STATUS_E_FAILURE;
 
+		qdf_mem_free(tx_power_limit);
 
 	}
 
+
 
+	sme_release_global_lock(&mac->sme);
 
+
 
 	return status;
 
 }