qcacld-3.0: Add for NULL pointer check in sme/csr functions
Check for NULL pointer before accessing pointers in function: * csr_roam_join_handle_profile * csr_roam_process_results_default * csr_roam_process_start_bss_success * csr_roam_process_join_res * csr_process_nss_update_req * csr_is_p2p_session_connected Change-Id: I9bf83a2641a4523713b9180679648202ea9c9eef CRs-Fixed: 1034255
此提交包含在:
Naveen Rawat
@@ -5019,15 +5019,22 @@ static void csr_roam_join_handle_profile(tpAniSirGlobal mac_ctx,
|
||||
uint8_t acm_mask = 0;
|
||||
#endif
|
||||
QDF_STATUS status;
|
||||
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
tCsrRoamSession *session;
|
||||
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
|
||||
tDot11fBeaconIEs *ies_local = NULL;
|
||||
|
||||
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
|
||||
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
|
||||
return;
|
||||
}
|
||||
session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
|
||||
/*
|
||||
* We have something to roam, tell HDD when it is infra.
|
||||
* For IBSS, the indication goes back to HDD via eCSR_ROAM_IBSS_IND
|
||||
*/
|
||||
if (CSR_IS_INFRASTRUCTURE(profile)) {
|
||||
if (roam_info_ptr && session->bRefAssocStartCnt) {
|
||||
if (CSR_IS_INFRASTRUCTURE(profile) && roam_info_ptr) {
|
||||
if (session->bRefAssocStartCnt) {
|
||||
session->bRefAssocStartCnt--;
|
||||
roam_info_ptr->pProfile = profile;
|
||||
/*
|
||||
@@ -6052,10 +6059,16 @@ static void csr_roam_process_results_default(tpAniSirGlobal mac_ctx,
|
||||
tSmeCmd *cmd, void *context, eCsrRoamCompleteResult res)
|
||||
{
|
||||
uint32_t session_id = cmd->sessionId;
|
||||
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
tCsrRoamSession *session;
|
||||
tCsrRoamInfo roam_info;
|
||||
QDF_STATUS status;
|
||||
|
||||
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
|
||||
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
|
||||
return;
|
||||
}
|
||||
session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
|
||||
sms_log(mac_ctx, LOGW, FL("receives no association indication"));
|
||||
sms_log(mac_ctx, LOG1, FL("Assoc ref count %d"),
|
||||
session->bRefAssocStartCnt);
|
||||
@@ -6252,7 +6265,7 @@ static void csr_roam_process_start_bss_success(tpAniSirGlobal mac_ctx,
|
||||
{
|
||||
uint32_t session_id = cmd->sessionId;
|
||||
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
|
||||
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
tCsrRoamSession *session;
|
||||
tSirBssDescription *bss_desc = NULL;
|
||||
tCsrRoamInfo roam_info;
|
||||
tSirSmeStartBssRsp *start_bss_rsp = NULL;
|
||||
@@ -6269,6 +6282,12 @@ static void csr_roam_process_start_bss_success(tpAniSirGlobal mac_ctx,
|
||||
tCsrRoamHTProfile *dst_profile = NULL;
|
||||
#endif
|
||||
|
||||
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
|
||||
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
|
||||
return;
|
||||
}
|
||||
session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
|
||||
/*
|
||||
* on the StartBss Response, LIM is returning the Bss Description that
|
||||
* we are beaconing. Add this Bss Description to our scan results and
|
||||
@@ -6460,7 +6479,7 @@ static void csr_roam_process_join_res(tpAniSirGlobal mac_ctx,
|
||||
uint8_t acm_mask = 0; /* HDD needs ACM mask in assoc rsp callback */
|
||||
uint32_t session_id = cmd->sessionId;
|
||||
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
|
||||
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
tCsrRoamSession *session;
|
||||
tSirBssDescription *bss_desc = NULL;
|
||||
tCsrScanResult *scan_res = NULL;
|
||||
sme_qos_csr_event_indType ind_qos;
|
||||
@@ -6475,6 +6494,12 @@ static void csr_roam_process_join_res(tpAniSirGlobal mac_ctx,
|
||||
tSirSmeJoinRsp *join_rsp = (tSirSmeJoinRsp *) context;
|
||||
uint32_t len;
|
||||
|
||||
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
|
||||
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
|
||||
return;
|
||||
}
|
||||
session = CSR_GET_SESSION(mac_ctx, session_id);
|
||||
|
||||
conn_profile = &session->connectedProfile;
|
||||
if (eCsrReassocSuccess == res)
|
||||
ind_qos = SME_QOS_CSR_REASSOC_COMPLETE;
|
||||
@@ -18747,20 +18772,20 @@ void csr_process_nss_update_req(tpAniSirGlobal mac, tSmeCmd *command)
|
||||
QDF_STATUS status;
|
||||
tSirMsgQ msg_return;
|
||||
struct sir_beacon_tx_complete_rsp *param;
|
||||
|
||||
tCsrRoamSession *session =
|
||||
CSR_GET_SESSION(mac, command->sessionId);
|
||||
|
||||
if (!session) {
|
||||
sms_log(mac, LOGE, FL("Session not found"));
|
||||
goto fail;
|
||||
}
|
||||
tCsrRoamSession *session;
|
||||
|
||||
if (!command) {
|
||||
sms_log(mac, LOGE, FL("nss update param is NULL"));
|
||||
goto fail;
|
||||
return;
|
||||
}
|
||||
|
||||
if (!CSR_IS_SESSION_VALID(mac, command->sessionId)) {
|
||||
sms_log(mac, LOGE, FL("Invalid session id %d"),
|
||||
command->sessionId);
|
||||
return;
|
||||
}
|
||||
session = CSR_GET_SESSION(mac, command->sessionId);
|
||||
|
||||
len = sizeof(*msg);
|
||||
msg = qdf_mem_malloc(len);
|
||||
if (!msg) {
|
||||
|
||||
新增問題並參考
封鎖使用者