From 1138a912a71f49e9cd065fd51b5ecdc7fca259d7 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar Date: Tue, 4 Sep 2018 11:45:53 +0530 Subject: [PATCH] qcacld-3.0: Possible mem leak in wma_roam_scan_offload_mode wma_roam_scan_offload_mode, allocates mem for params buffer to store roaming offload scan parameters locally from incoming roam req. In last it calls wmi_unified_roam_scan_offload_mode_cmd using param as an argument to set roam scan parameters to wmi structure and free the local param buffer in the successful case. But in case if driver unable to write wmi struct, wma_roam_scan_offload_mode returns error status to its caller without freeing locally allocated params mem buffer. This results in mem leak while unsuccessful roaming offload. Fix is to free locally allocated mem buff before the return in case of roaming offload failure Change-Id: Ic73f0b3ec004c3dcc53076594c0b872a29fee633 CRs-Fixed: 2308506 --- core/wma/src/wma_scan_roam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index 132fceb665..e55d80327e 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -377,11 +377,11 @@ QDF_STATUS wma_roam_scan_offload_mode(tp_wma_handle wma_handle, status = wmi_unified_roam_scan_offload_mode_cmd(wma_handle->wmi_handle, scan_cmd_fp, params); + qdf_mem_free(params); if (QDF_IS_STATUS_ERROR(status)) return status; WMA_LOGD("%s: WMA --> WMI_ROAM_SCAN_MODE", __func__); - qdf_mem_free(params); return status; }