Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Prechádzať zdrojové kódy

qcacld-3.0: Handle error case in wma_extscan_cached_results_event_handler

Currently, driver calls wma_group_num_bss_to_scan_id API from
wma_extscan_cached_results_event_handler to group bss to scan id
table. Without checking return status of wma_group_num_bss_to_scan_id,
HDD callback is called which can lead to NULL pointer de-reference issue
in wlan_hdd_cfg80211_extscan_cached_results_ind if malloc for
t_scan_id_grp->ap fails in wma_group_num_bss_to_scan_id.

Add check for return status of "wma_group_num_bss_to_scan_id" in
wma_extscan_cached_results_event_handler before invoking HDD callback

Change-Id: I457f39404436c54feb4b555f8101895d3c1ae5d7
CRs-Fixed: 2188297
Abhinav Kumar 7 rokov pred
rodič
9709de96f4
commit
cc86496435
1 zmenil súbory, kde vykonal 8 pridanie a 3 odobranie
Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát
  1. 8 3
      core/wma/src/wma_scan_roam.c

+ 8 - 3
core/wma/src/wma_scan_roam.c
Zobraziť súbor 

@@ -3977,7 +3977,7 @@ int wma_extscan_cached_results_event_handler(void *handle,
 
 	struct extscan_cached_scan_results empty_cachelist;
 
 	wmi_extscan_wlan_descriptor *src_hotlist;
 
 	wmi_extscan_rssi_info *src_rssi;
 
-	int i, moredata, scan_ids_cnt, buf_len;
 
+	int i, moredata, scan_ids_cnt, buf_len, status;
 
 	tpAniSirGlobal pMac = cds_get_context(QDF_MODULE_ID_PE);
 
 	uint32_t total_len;
 
 	bool excess_data = false;
 
@@ -4075,19 +4075,24 @@ int wma_extscan_cached_results_event_handler(void *handle,
 
 
 	dest_result = dest_cachelist->result;
 
 	wma_fill_num_results_per_scan_id(cmd_param_info, dest_result);
 
-	wma_group_num_bss_to_scan_id(cmd_param_info, dest_cachelist);
 
 
+	status = wma_group_num_bss_to_scan_id(cmd_param_info, dest_cachelist);
 
+	if (!status)
 
 	pMac->sme.pExtScanIndCb(pMac->hHdd,
 
 				eSIR_EXTSCAN_CACHED_RESULTS_IND,
 
 				dest_cachelist);
 
+	else
 
+		WMA_LOGD("wma_group_num_bss_to_scan_id failed, not calling callback");
 
+
 
 	dest_result = dest_cachelist->result;
 
 	for (i = 0; i < dest_cachelist->num_scan_ids; i++) {
 
+		if (dest_result->ap)
 
 		qdf_mem_free(dest_result->ap);
 
 		dest_result++;
 
 	}
 
 	qdf_mem_free(dest_cachelist->result);
 
 	qdf_mem_free(dest_cachelist);
 
-	return 0;
 
+	return status;
 
 
 noresults:
 
 	empty_cachelist.request_id = event->request_id;