qcacmn: Fix static code analysis issues in DP
In dp_srng_init, max_buffer_length and prefetch_timer are used while uninitialized. In dp_bucket_index, overrunning array cdp_sw_enq_delay leads to out-of-bounds access. In dp_rx_defrag_fraglist_insert, cur is first NULL checked but cur is again set to qdf_nbuf_next and is accessed without NULL check. Thus do a NULL check again before dereferencing cur to avoid potential NULL pointer dereference. In htt_t2h_stats_handler, soc could be NULL while cmn_init_done is dereferenced. Thus fix it by NULL check soc first and then dereference cmn_init_done. Change-Id: Ie6a33347d34862f30ba04a10096d3892af7571d3 CRs-Fixed: 2751573
This commit is contained in:
@@ -1460,7 +1460,7 @@ static QDF_STATUS dp_srng_init(struct dp_soc *soc, struct dp_srng *srng,
|
||||
/* memset the srng ring to zero */
|
||||
qdf_mem_zero(srng->base_vaddr_unaligned, srng->alloc_size);
|
||||
|
||||
ring_params.flags = 0;
|
||||
qdf_mem_zero(&ring_params, sizeof(struct hal_srng_params));
|
||||
ring_params.ring_base_paddr = srng->base_paddr_aligned;
|
||||
ring_params.ring_base_vaddr = srng->base_vaddr_aligned;
|
||||
|
||||
@@ -11700,7 +11700,7 @@ static uint8_t dp_bucket_index(uint32_t delay, uint16_t *array)
|
||||
{
|
||||
uint8_t i = CDP_DELAY_BUCKET_0;
|
||||
|
||||
for (; i < CDP_DELAY_BUCKET_MAX; i++) {
|
||||
for (; i < CDP_DELAY_BUCKET_MAX - 1; i++) {
|
||||
if (delay >= array[i] && delay <= array[i + 1])
|
||||
return i;
|
||||
}
|
||||
|
Reference in New Issue
Block a user