
qcacmn: Fix Static Code Analysis Issues

Fixes static code analysis issues relating to null pointer
dereferencing and array bound issues.

Change-Id: I365277d9e690ca92351530f01162094ad2bca6ad
CRs-Fixed: 2208294
Aditya Sathish 7 years ago
parent
commit
61f7fa32c4
3 changed files with 17 additions and 5 deletions
  1. 7 3
      hif/src/ce/ce_main.c
  2. 6 2
      hif/src/ce/ce_service.c
  3. 4 0
      hif/src/ce/ce_service_srng.c

+ 7 - 3
hif/src/ce/ce_main.c

@@ -2181,7 +2181,7 @@ QDF_STATUS hif_post_recv_buffers(struct hif_softc *scn)
 {
 	struct HIF_CE_state *hif_state = HIF_GET_CE_STATE(scn);
 	int pipe_num;
-	struct CE_state *ce_state;
+	struct CE_state *ce_state = NULL;
 	QDF_STATUS qdf_status;
 
 	A_TARGET_ACCESS_LIKELY(scn);
@@ -2196,7 +2196,7 @@ QDF_STATUS hif_post_recv_buffers(struct hif_softc *scn)
 			continue;
 
 		qdf_status = hif_post_recv_buffers_for_pipe(pipe_info);
-		if (!QDF_IS_STATUS_SUCCESS(qdf_status) &&
+		if (!QDF_IS_STATUS_SUCCESS(qdf_status) && ce_state &&
 			ce_state->htt_rx_data &&
 			scn->fastpath_mode_on) {
 			A_TARGET_ACCESS_UNLIKELY(scn);
@@ -2761,7 +2761,7 @@ int hif_config_ce(struct hif_softc *scn)
 	struct hif_opaque_softc *hif_hdl = GET_HIF_OPAQUE_HDL(scn);
 	struct HIF_CE_pipe_info *pipe_info;
 	int pipe_num;
-	struct CE_state *ce_state;
+	struct CE_state *ce_state = NULL;
 
 #ifdef ADRASTEA_SHADOW_REGISTERS
 	int i;
@@ -2795,6 +2795,10 @@ int hif_config_ce(struct hif_softc *scn)
 
 		pipe_info->ce_hdl = ce_init(scn, pipe_num, attr);
 		ce_state = scn->ce_id_to_state[pipe_num];
+		if (!ce_state) {
+			A_TARGET_ACCESS_UNLIKELY(scn);
+			goto err;
+		}
 		qdf_spinlock_create(&pipe_info->recv_bufs_needed_lock);
 		QDF_ASSERT(pipe_info->ce_hdl != NULL);
 		if (pipe_info->ce_hdl == NULL) {
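Review bot: In the last `hif_config_ce` hunk the new `if (!ce_state)` branch jumps to `err` before `qdf_spinlock_create(&pipe_info->recv_bufs_needed_lock)` has run for this pipe, so the cleanup at `err` (outside this hunk) must tolerate a pipe whose lock was never created; that should be confirmed. The branch also fails silently, so a log line naming `pipe_num` before the `goto` would make the failure diagnosable. If a failed `ce_init()` leaves both `pipe_info->ce_hdl` and `scn->ce_id_to_state[pipe_num]` NULL, the existing `pipe_info->ce_hdl == NULL` handling below may no longer be reached. A short comment such as `/* ce_init() failed to register state for this pipe */` would record which case the new check covers.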

+ 6 - 2
hif/src/ce/ce_service.c

@@ -183,8 +183,12 @@ void hif_record_ce_desc_event(struct hif_softc *scn, int ce_id,
 	struct hif_ce_desc_event *event;
 
 	struct ce_desc_hist *ce_hist = &scn->hif_ce_desc_hist;
-	struct hif_ce_desc_event *hist_ev =
-			(struct hif_ce_desc_event *)ce_hist->hist_ev[ce_id];
+	struct hif_ce_desc_event *hist_ev = NULL;
+
+	if (ce_id < CE_COUNT_MAX)
+		hist_ev = (struct hif_ce_desc_event *)ce_hist->hist_ev[ce_id];
+	else
+		return;
 
 	if (ce_id >= CE_COUNT_MAX)
 		return;
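Review bot: The new guard `if (ce_id < CE_COUNT_MAX)` checks only the upper bound, but `ce_id` is a signed `int`, so a negative value passes the test and still indexes `ce_hist->hist_ev[ce_id]` out of bounds. Checking both ends before the read closes this: `if (ce_id < 0 || ce_id >= CE_COUNT_MAX) return;` followed by the plain assignment to `hist_ev`. The existing `if (ce_id >= CE_COUNT_MAX) return;` just below is now unreachable and can be removed. The function body continues past the end of the hunk.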

+ 4 - 0
hif/src/ce/ce_service_srng.c

@@ -114,6 +114,10 @@ ce_send_nolock_srng(struct CE_handle *copyeng,
 
 		src_desc = hal_srng_src_get_next_reaped(scn->hal_soc,
 				src_ring->srng_ctx);
+		if (!src_desc) {
+			Q_TARGET_ACCESS_END(scn);
+			return QDF_STATUS_E_INVAL;
+		}
 
 		/* Update low 32 bits source descriptor address */
 		src_desc->buffer_addr_lo =
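Review bot: The new early return for a NULL `src_desc` undoes only target access via `Q_TARGET_ACCESS_END(scn)`. If the function began access on `src_ring->srng_ctx` or took any other resource before this point (not visible in the hunk), that would stay held on this path and should be released here too. The caller receives `QDF_STATUS_E_INVAL` with no log, so it is worth checking that callers handle this status the same way as the function's other failure returns. A comment such as `/* no reaped descriptor available: release target access and fail the send */` would explain the exit. The function starts and ends outside the hunk.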