qcacld-3.0: Fix memory leak issue of ch_list in sap_get_channel_list

In the api sap_get_channel_list, list is allocated memory to store the
channel list to be sent for scan request. This api is called by
sap_goto_channel_sel which initializes scan_request.ChannelInfo.ChannelList
to channel_list, without any prior NULL check of channel_list.
Also in scan callback wlansap_scan_callback, if the state machine structure
is in disconnected state , the host returns without freeing the memory
allocated to the channel list in sap_ctx .

Fix is to free the memory allocated to the channel list
and make the sap_ctx->channellist, sap_ctx->num_of_channel
as NULL and zero respectively in both the instances.

Change-Id: Ia54287d6e77e206c717bd3c205ebe57510ea801c
CRs-Fixed: 2159489

core/sap/src/sap_api_link_cntl.c

@@ -110,6 +110,11 @@ QDF_STATUS wlansap_scan_callback(tHalHandle hal_handle,
 	if (sap_ctx->sapsMachine == eSAP_DISCONNECTED) {
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_WARN,
 				"In %s BSS already stopped", __func__);
+		if (sap_ctx->channelList != NULL) {
+			qdf_mem_free(sap_ctx->channelList);
+			sap_ctx->channelList = NULL;
+			sap_ctx->num_of_channel = 0;
+		}
 		return QDF_STATUS_E_FAILURE;
 	}
 

core/sap/src/sap_fsm.c

@@ -1835,6 +1835,11 @@ QDF_STATUS sap_goto_channel_sel(struct sap_context *sap_context,
 		for (i = 0; i < num_of_channels; i++)
 			req->scan_req.chan_list.chan[i].freq =
 				wlan_chan_to_freq(channel_list[i]);
+		if (sap_context->channelList) {
+			qdf_mem_free(sap_context->channelList);
+			sap_context->channelList = NULL;
+			sap_context->num_of_channel = 0;
+		}
 		sap_context->channelList = channel_list;
 		sap_context->num_of_channel = num_of_channels;
 		/* Set requestType to Full scan */