Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Fix memory leaks in csr_save_profile

Fix memory leaks in csr_save_profile by freeing all buffers within
saved cmd allocated within this function.

Change-Id: Ie06c91b145165df21992829883be11932871550d
CRs-Fixed: 1116619
Naveen Rawat 8 years ago
parent
3d58d793c9
commit
90542b3268
2 changed files with 47 additions and 7 deletions
Split View Show Diff Stats
  1. 21 3
      core/sme/src/csr/csr_api_roam.c
  2. 26 4
      core/sme/src/csr/csr_api_scan.c

+ 21 - 3
core/sme/src/csr/csr_api_roam.c
View File 

@@ -393,14 +393,32 @@ QDF_STATUS csr_set_channels(tHalHandle hHal, tCsrConfigParam *pParam)
 
 QDF_STATUS csr_close(tpAniSirGlobal pMac)
 
 {
 
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
+	tSmeCmd *saved_scan_cmd;
 
 
 	csr_roam_close(pMac);
 
 	csr_scan_close(pMac);
 
 	csr_ll_close(&pMac->roam.statsClientReqList);
 
 	csr_ll_close(&pMac->roam.peStatsReqList);
 
-	if (pMac->sme.saved_scan_cmd) {
 
-		qdf_mem_free(pMac->sme.saved_scan_cmd);
 
-		pMac->sme.saved_scan_cmd = NULL;
 
+	saved_scan_cmd = (tSmeCmd *)pMac->sme.saved_scan_cmd;
 
+	if (saved_scan_cmd) {
 
+		csr_release_profile(pMac, saved_scan_cmd->u.scanCmd.
 
+				    pToRoamProfile);
 
+		if (saved_scan_cmd->u.scanCmd.pToRoamProfile) {
 
+			qdf_mem_free(saved_scan_cmd->u.scanCmd.pToRoamProfile);
 
+			saved_scan_cmd->u.scanCmd.pToRoamProfile = NULL;
 
+		}
 
+		if (saved_scan_cmd->u.scanCmd.u.scanRequest.SSIDs.SSIDList) {
 
+			qdf_mem_free(saved_scan_cmd->u.scanCmd.u.scanRequest.
 
+				     SSIDs.SSIDList);
 
+			saved_scan_cmd->u.scanCmd.u.scanRequest.SSIDs.
 
+				SSIDList = NULL;
 
+		}
 
+		if (saved_scan_cmd->u.roamCmd.pRoamBssEntry) {
 
+			qdf_mem_free(saved_scan_cmd->u.roamCmd.pRoamBssEntry);
 
+			saved_scan_cmd->u.roamCmd.pRoamBssEntry = NULL;
 
+		}
 
+		qdf_mem_free(saved_scan_cmd);
 
+		saved_scan_cmd = NULL;
 
 	}
 
 	/* DeInit Globals */
 
 	csr_roam_de_init_globals(pMac);

+ 26 - 4
core/sme/src/csr/csr_api_scan.c
View File 

@@ -2851,6 +2851,7 @@ csr_handle_nxt_cmd(tpAniSirGlobal mac_ctx, tSmeCmd *pCommand,
 
 {
 
 	QDF_STATUS status, ret;
 
 	tSmeCmd *save_cmd = NULL;
 
+	tSmeCmd *saved_scan_cmd;
 
 
 	switch (*nxt_cmd) {
 
 	case eCsrNext11dScan1Success:
 
@@ -2915,10 +2916,31 @@ csr_handle_nxt_cmd(tpAniSirGlobal mac_ctx, tSmeCmd *pCommand,
 
 					SIR_UPDATE_REASON_HIDDEN_STA);
 
 		sme_debug("chan: %d session: %d status: %d",
 
 					chan, pCommand->sessionId, ret);
 
-		if (mac_ctx->sme.saved_scan_cmd) {
 
-			qdf_mem_free(mac_ctx->sme.saved_scan_cmd);
 
-			mac_ctx->sme.saved_scan_cmd = NULL;
 
-			sme_err("memory should have been free. Check!");
 
+		saved_scan_cmd = (tSmeCmd *)mac_ctx->sme.saved_scan_cmd;
 
+		if (saved_scan_cmd) {
 
+			csr_release_profile(mac_ctx, saved_scan_cmd->u.scanCmd.
 
+					    pToRoamProfile);
 
+			if (saved_scan_cmd->u.scanCmd.pToRoamProfile) {
 
+				qdf_mem_free(saved_scan_cmd->u.scanCmd.
 
+					     pToRoamProfile);
 
+				saved_scan_cmd->u.scanCmd.
 
+					pToRoamProfile = NULL;
 
+			}
 
+			if (saved_scan_cmd->u.scanCmd.u.scanRequest.SSIDs.
 
+			    SSIDList) {
 
+				qdf_mem_free(saved_scan_cmd->u.scanCmd.u.
 
+					     scanRequest.SSIDs.SSIDList);
 
+				saved_scan_cmd->u.scanCmd.u.scanRequest.SSIDs.
 
+					SSIDList = NULL;
 
+			}
 
+			if (saved_scan_cmd->u.roamCmd.pRoamBssEntry) {
 
+				qdf_mem_free(saved_scan_cmd->u.roamCmd.
 
+					     pRoamBssEntry);
 
+				saved_scan_cmd->u.roamCmd.pRoamBssEntry = NULL;
 
+			}
 
+			qdf_mem_free(saved_scan_cmd);
 
+			saved_scan_cmd = NULL;
 
+			sme_err(FL("memory should have been free. Check!"));
 
 		}
 
 
 		save_cmd = (tSmeCmd *) qdf_mem_malloc(sizeof(*pCommand));