From 605c8118aaf365752d3f9f9230aa6fed5c41cf2f Mon Sep 17 00:00:00 2001 From: Vikram Kandukuri Date: Tue, 23 Apr 2019 17:45:17 +0530 Subject: [PATCH] qca-wifi: Fix KW issues in cfr component Fix Suspicious dereference of pointer 'payload' before NULL check. Fix 'status' might be used uninitialized in this function. Change-Id: Ib799043555faafc655919c1e42d0fbc43c716b2f --- target_if/cfr/src/target_if_cfr_8074v2.c | 7 +++++-- umac/cfr/dispatcher/src/wlan_cfr_tgt_api.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/target_if/cfr/src/target_if_cfr_8074v2.c b/target_if/cfr/src/target_if_cfr_8074v2.c index e0db63f291..9f4d049e10 100644 --- a/target_if/cfr/src/target_if_cfr_8074v2.c +++ b/target_if/cfr/src/target_if_cfr_8074v2.c @@ -203,8 +203,8 @@ int correlate_and_relay(struct wlan_objmgr_pdev *pdev, uint32_t cookie, bool cfr_dbr_event_handler(struct wlan_objmgr_pdev *pdev, struct direct_buf_rx_data *payload) { - uint8_t *data = payload->vaddr; - uint32_t cookie = payload->cookie; + uint8_t *data = NULL; + uint32_t cookie = 0; struct whal_cfir_dma_hdr dma_hdr = {0}; int length = 8, tones = 0, status = 0; struct wlan_objmgr_psoc *psoc; @@ -230,6 +230,9 @@ bool cfr_dbr_event_handler(struct wlan_objmgr_pdev *pdev, return true; } + data = payload->vaddr; + cookie = payload->cookie; + cfr_debug("bufferaddr: 0x%pK cookie: %u", payload->paddr, cookie); qdf_mem_copy(&dma_hdr, &data[0], sizeof(struct whal_cfir_dma_hdr)); diff --git a/umac/cfr/dispatcher/src/wlan_cfr_tgt_api.c b/umac/cfr/dispatcher/src/wlan_cfr_tgt_api.c index 63f7517136..961e5e8ee5 100644 --- a/umac/cfr/dispatcher/src/wlan_cfr_tgt_api.c +++ b/umac/cfr/dispatcher/src/wlan_cfr_tgt_api.c @@ -149,7 +149,7 @@ int tgt_cfr_stop_capture(struct wlan_objmgr_pdev *pdev, struct wlan_objmgr_peer *peer) { struct wlan_lmac_if_cfr_tx_ops *cfr_tx_ops = NULL; - int status; + int status = 0; struct wlan_objmgr_psoc *psoc = wlan_pdev_get_psoc(pdev); cfr_tx_ops = wlan_psoc_get_cfr_txops(psoc);