qcacmn: Fix static code analysis issues in DP

In dp_srng_init, max_buffer_length and prefetch_timer are used
while uninitialized.

In dp_bucket_index, overrunning array cdp_sw_enq_delay leads to
out-of-bounds access.

In dp_rx_defrag_fraglist_insert, cur is first NULL checked but
cur is again set to qdf_nbuf_next and is accessed without
NULL check. Thus do a NULL check again before dereferencing
cur to avoid potential NULL pointer dereference.

In htt_t2h_stats_handler, soc could be NULL while cmn_init_done
is dereferenced. Thus fix it by NULL-checking soc first and then
dereferencing cmn_init_done.

Change-Id: Ie6a33347d34862f30ba04a10096d3892af7571d3
CRs-Fixed: 2751573
Jia Ding
2020-08-10 14:07:29 +08:00
committed by snandini
parent 2f48b53345
commit c07761e4cc
3 changed files with 16 additions and 8 deletions

@@ -1460,7 +1460,7 @@ static QDF_STATUS dp_srng_init(struct dp_soc *soc, struct dp_srng *srng,
/* memset the srng ring to zero */
qdf_mem_zero(srng->base_vaddr_unaligned, srng->alloc_size);
ring_params.flags = 0;
qdf_mem_zero(&ring_params, sizeof(struct hal_srng_params));
ring_params.ring_base_paddr = srng->base_paddr_aligned;
ring_params.ring_base_vaddr = srng->base_vaddr_aligned;
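
Review bot: the qdf_mem_zero(&ring_params, sizeof(struct hal_srng_params)) call sits partway through dp_srng_init, so it is only correct while no ring_params field is assigned above it; a later change that sets a field earlier in the function would be silently wiped. Zero-initializing ring_params at its declaration would remove that ordering dependency and still cover max_buffer_length and prefetch_timer, the two fields the commit message names. Writing the size as sizeof(ring_params) would also keep it tied to the variable rather than to a type name that has to be kept in sync by hand.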
@@ -11700,7 +11700,7 @@ static uint8_t dp_bucket_index(uint32_t delay, uint16_t *array)
{
uint8_t i = CDP_DELAY_BUCKET_0;
for (; i < CDP_DELAY_BUCKET_MAX; i++) {
for (; i < CDP_DELAY_BUCKET_MAX - 1; i++) {
if (delay >= array[i] && delay <= array[i + 1])
return i;
}
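
Review bot: in the loop header, the bound CDP_DELAY_BUCKET_MAX - 1 keeps array[i + 1] in range only if the caller's array has at least CDP_DELAY_BUCKET_MAX entries, and dp_bucket_index takes a bare uint16_t *array with nothing to check that against. Consider passing the element count alongside the pointer, or adding a compile-time assertion on the size of cdp_sw_enq_delay where it is defined. The fall-through path after the loop is outside this hunk; since the loop can now return at most CDP_DELAY_BUCKET_MAX - 2, please confirm that path returns a valid bucket index when delay exceeds the last boundary.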