Fix the errors observed in static source code analysis
Resolve the generic issues observed in static source code
analysis
Change-Id: I23051c3b616d11c709f7d8c753bfcf3b1aba97b9
diff --git a/CORE/MAC/src/pe/lim/limLinkMonitoringAlgo.c b/CORE/MAC/src/pe/lim/limLinkMonitoringAlgo.c
index d57cd57..ad380a4 100644
--- a/CORE/MAC/src/pe/lim/limLinkMonitoringAlgo.c
+++ b/CORE/MAC/src/pe/lim/limLinkMonitoringAlgo.c
@@ -304,7 +304,7 @@
//Fill in length
- limCopyU16((tANI_U8*)pLen, msgLength);
+ limCopyU16((tANI_U8*)pLen , msgLength);
limPostSmeMessage(pMac, eWNI_SME_DISASSOC_REQ, (tANI_U32 *) pSmeDeauthReq);
palFreeMemory( pMac->hHdd, pSmeDeauthReq );
diff --git a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
index 5442f9f..09f2a64 100644
--- a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
@@ -644,8 +644,10 @@
if (limSetLinkState(pMac, eSIR_LINK_POSTASSOC_STATE, psessionEntry->bssId,
psessionEntry->selfMacAddr, NULL, NULL) != eSIR_SUCCESS)
{
- PELOGE(limLog(pMac, LOGE, FL("Set link state to POSTASSOC failed\n"));)
- return;
+ PELOGE(limLog(pMac, LOGE, FL("Set link state to POSTASSOC failed\n"));)
+ palFreeMemory(pMac->hHdd, pBeaconStruct);
+ palFreeMemory(pMac->hHdd, pAssocRsp);
+ return;
}
}
if (subType == LIM_REASSOC)
diff --git a/CORE/MAC/src/pe/lim/limProcessTdls.c b/CORE/MAC/src/pe/lim/limProcessTdls.c
index 54eea48..d72903a 100644
--- a/CORE/MAC/src/pe/lim/limProcessTdls.c
+++ b/CORE/MAC/src/pe/lim/limProcessTdls.c
@@ -4174,8 +4174,8 @@
{
VOS_TRACE(VOS_MODULE_ID_PE, VOS_TRACE_LEVEL_ERROR,
(" add hash entry failed\n")) ;
- status = eSIR_FAILURE ;
VOS_ASSERT(0) ;
+ return eSIR_FAILURE;
}
}
diff --git a/CORE/MAC/src/pe/lim/limTrace.c b/CORE/MAC/src/pe/lim/limTrace.c
index b3c16a8..92d1d2c 100644
--- a/CORE/MAC/src/pe/lim/limTrace.c
+++ b/CORE/MAC/src/pe/lim/limTrace.c
@@ -69,6 +69,7 @@
#ifdef LIM_TRACE_RECORD
tANI_U32 gMgmtFrameStats[14];
+#define LIM_TRACE_MAX_SUBTYPES 14
static tANI_U8* __limTraceGetTimerString( tANI_U16 timerId )
@@ -146,7 +147,7 @@
void limTraceDump(tpAniSirGlobal pMac, tpTraceRecord pRecord, tANI_U16 recIndex)
{
- static char *frameSubtypeStr[14] =
+ static char *frameSubtypeStr[LIM_TRACE_MAX_SUBTYPES] =
{
"Association request",
"Association response",
@@ -164,6 +165,7 @@
"Action"
};
+
switch (pRecord->code) {
case TRACE_CODE_MLM_STATE:
limLog(pMac, LOGE, "%04d %012u S%d %-14s %-30s(0x%x) \n", recIndex, pRecord->time, pRecord->session,
@@ -179,10 +181,17 @@
break;
case TRACE_CODE_RX_MGMT:
- limLog(pMac, LOGE, "%04d %012u S%d %-14s %-30s(%d) SN: %d \n", recIndex, pRecord->time, pRecord->session,
+ if (LIM_TRACE_MAX_SUBTYPES <= LIM_TRACE_GET_SUBTYPE(pRecord->data))
+ {
+ limLog(pMac, LOGE, "Wrong Subtype - %d", LIM_TRACE_GET_SUBTYPE(pRecord->data));
+ }
+ else
+ {
+ limLog(pMac, LOGE, "%04d %012u S%d %-14s %-30s(%d) SN: %d \n", recIndex, pRecord->time, pRecord->session,
"RX Mgmt:", frameSubtypeStr[LIM_TRACE_GET_SUBTYPE(pRecord->data)],
LIM_TRACE_GET_SUBTYPE(pRecord->data),
LIM_TRACE_GET_SSN(pRecord->data) );
+ }
break;
case TRACE_CODE_RX_MGMT_DROP:
limLog(pMac, LOGE, "%04d %012u S%d %-14s %-30s(%d) \n", recIndex, pRecord->time, pRecord->session,
diff --git a/CORE/MAC/src/pe/pmm/pmmApi.c b/CORE/MAC/src/pe/pmm/pmmApi.c
index 7784dff..0447941 100644
--- a/CORE/MAC/src/pe/pmm/pmmApi.c
+++ b/CORE/MAC/src/pe/pmm/pmmApi.c
@@ -563,6 +563,7 @@
if((psessionEntry = peGetValidPowerSaveSession(pMac)) == NULL )
{
retStatus = eSIR_FAILURE;
+ palFreeMemory(pMac->hHdd, (tANI_U8*)pExitBmpsParams);
return retStatus;
}
@@ -2359,7 +2360,7 @@
tSirRetStatus retStatus = eSIR_SUCCESS;
tSirResultCodes smeRspCode = eSIR_SME_SUCCESS;
tpPESession pSessionEntry;
- tpSirHalWowlExitParams pHalWowlMsg;
+ tpSirHalWowlExitParams pHalWowlMsg = NULL;
tANI_U8 PowersavesessionId = 0;
PowersavesessionId = pMac->pmm.sessionId;
diff --git a/CORE/MAC/src/pe/rrm/rrmApi.c b/CORE/MAC/src/pe/rrm/rrmApi.c
index 570cfaa..d276e51 100644
--- a/CORE/MAC/src/pe/rrm/rrmApi.c
+++ b/CORE/MAC/src/pe/rrm/rrmApi.c
@@ -194,10 +194,7 @@
if( eSIR_SUCCESS != (retCode = wdaPostCtrlMsg( pMac, &msgQ )))
{
limLog( pMac, LOGP, FL("Posting WDA_SET_MAX_TX_POWER_REQ to HAL failed, reason=%X"), retCode );
- if (NULL != pMaxTxParams)
- {
- palFreeMemory( pMac->hHdd, (tANI_U8 *) pMaxTxParams );
- }
+ palFreeMemory( pMac->hHdd, (tANI_U8 *) pMaxTxParams );
return retCode;
}
return retCode;
@@ -1013,6 +1010,7 @@
{
limLog( pMac, LOGP,
FL( "Unable to PAL allocate memory during RRM Req processing" ));
+ palFreeMemory( pMac->hHdd, pReport );
return eSIR_MEM_ALLOC_FAILED;
}
#if defined WLAN_VOWIFI_DEBUG
diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h
index 65726ed..7f524b9 100644
--- a/CORE/SME/inc/csrInternal.h
+++ b/CORE/SME/inc/csrInternal.h
@@ -682,9 +682,9 @@
tDblLinkList channelPowerInfoList5G;
tANI_U32 nLastAgeTimeOut;
tANI_U32 nAgingCountDown;
- tANI_U8 countryCodeDefault[WNI_CFG_COUNTRY_CODE_LEN+1]; //The country code from NV
- tANI_U8 countryCodeCurrent[WNI_CFG_COUNTRY_CODE_LEN+1];
- tANI_U8 countryCode11d[WNI_CFG_COUNTRY_CODE_LEN+1];
+ tANI_U8 countryCodeDefault[WNI_CFG_COUNTRY_CODE_LEN]; //The country code from NV
+ tANI_U8 countryCodeCurrent[WNI_CFG_COUNTRY_CODE_LEN];
+ tANI_U8 countryCode11d[WNI_CFG_COUNTRY_CODE_LEN];
v_REGDOMAIN_t domainIdDefault; //default regulatory domain
v_REGDOMAIN_t domainIdCurrent; //current regulatory domain
tANI_BOOLEAN f11dInfoApplied;
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 46e15f3..bfe6476 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -347,7 +347,7 @@
pMac->scan.countryCodeDefault[2] = 'I';
//status = eHAL_STATUS_SUCCESS;
}
- smsLog( pMac, LOG1, FL(" country Code from nvRam %s"), pMac->scan.countryCodeDefault );
+ smsLog( pMac, LOG1, FL(" country Code from nvRam %.2s"), pMac->scan.countryCodeDefault );
csrGetRegulatoryDomainForCountry(pMac, pMac->scan.countryCodeDefault, ®Id);
WDA_SetRegDomain(pMac, regId);
pMac->scan.domainIdDefault = regId;
@@ -371,10 +371,12 @@
smsLog( pMac, LOGW, FL(" Invalid country Code Pointer") );
return eHAL_STATUS_FAILURE;
}
- smsLog( pMac, LOGW, FL(" country Code %s"), apCntryCode );
+ smsLog( pMac, LOGW, FL(" country Code %.2s"), apCntryCode );
/* To get correct Regulatory domain from NV table
* 2 character Country code should be used
* 3rd charater is optional for indoor/outdoor setting */
+ cntryCodeLength = WNI_CFG_COUNTRY_CODE_LEN;
+/*
cntryCodeLength = strlen(apCntryCode);
if (cntryCodeLength > WNI_CFG_COUNTRY_CODE_LEN)
@@ -382,17 +384,17 @@
smsLog( pMac, LOGW, FL(" Invalid Country Code Length") );
return eHAL_STATUS_FAILURE;
}
-
+*/
status = csrGetRegulatoryDomainForCountry(pMac, apCntryCode, ®Id);
if (status != eHAL_STATUS_SUCCESS)
{
- smsLog( pMac, LOGE, FL(" fail to get regId for country Code %s"), apCntryCode );
+ smsLog( pMac, LOGE, FL(" fail to get regId for country Code %.2s"), apCntryCode );
return status;
}
status = WDA_SetRegDomain(hHal, regId);
if (status != eHAL_STATUS_SUCCESS)
{
- smsLog( pMac, LOGE, FL(" fail to get regId for country Code %s"), apCntryCode );
+ smsLog( pMac, LOGE, FL(" fail to get regId for country Code %.2s"), apCntryCode );
return status;
}
pMac->scan.domainIdDefault = regId;
@@ -4480,12 +4482,17 @@
//nIeLen doesn't count EID and length fields
if(HAL_STATUS_SUCCESS((status = palAllocateMemory(pMac->hHdd, (void **)&pSession->pWpaRsnRspIE, nIeLen + 2))))
{
+ palZeroMemory(pMac->hHdd, pSession->pWpaRsnRspIE, nIeLen + 2);
pSession->pWpaRsnRspIE[0] = DOT11F_EID_RSN;
pSession->pWpaRsnRspIE[1] = (tANI_U8)nIeLen;
//copy upto akm_suites
pIeBuf = pSession->pWpaRsnRspIE + 2;
- palCopyMemory(pMac->hHdd, pIeBuf, &pIesLocal->RSN.version, 8);
- pIeBuf += 8;
+ palCopyMemory(pMac->hHdd, pIeBuf, &pIesLocal->RSN.version, sizeof(pIesLocal->RSN.version));
+ pIeBuf += sizeof(pIesLocal->RSN.version);
+ palCopyMemory(pMac->hHdd, pIeBuf, &pIesLocal->RSN.gp_cipher_suite, sizeof(pIesLocal->RSN.gp_cipher_suite));
+ pIeBuf += sizeof(pIesLocal->RSN.gp_cipher_suite);
+ palCopyMemory(pMac->hHdd, pIeBuf, &pIesLocal->RSN.pwise_cipher_suite_count, sizeof(pIesLocal->RSN.pwise_cipher_suite_count));
+ pIeBuf += sizeof(pIesLocal->RSN.pwise_cipher_suite_count );
if( pIesLocal->RSN.pwise_cipher_suite_count )
{
//copy pwise_cipher_suites
@@ -12709,6 +12716,7 @@
{
smsLog( pMac,LOGE, FL("****Start BSS failed persona already exists***"));
status = eHAL_STATUS_FAILURE;
+ palFreeMemory( pMac->hHdd, pMsg );
return status;
}
diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c
index 71c61f3..825aa54 100644
--- a/CORE/SME/src/csr/csrApiScan.c
+++ b/CORE/SME/src/csr/csrApiScan.c
@@ -438,6 +438,11 @@
tSmeCmd *pQueueScanCmd=NULL;
tSmeCmd *pSendScanCmd=NULL;
+ if (NULL == pScanCmd)
+ {
+ smsLog (pMac, LOGE, FL("Scan Req cmd is NULL"));
+ return eHAL_STATUS_FAILURE;
+ }
/* split scan if any one of the following:
* - STA session is connected and the scan is not a P2P search
* - any P2P session is connected
diff --git a/CORE/SME/src/pmc/pmcApi.c b/CORE/SME/src/pmc/pmcApi.c
index 16bf4f9..5c44eae 100644
--- a/CORE/SME/src/pmc/pmcApi.c
+++ b/CORE/SME/src/pmc/pmcApi.c
@@ -3136,6 +3136,7 @@
VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR,
"%s: Not able to post WDA_PACKET_COALESCING_FILTER_MATCH_COUNT_REQ "
"message to WDA", __func__);
+ vos_mem_free(pRequestBuf);
return eHAL_STATUS_FAILURE;
}
diff --git a/CORE/SYS/common/inc/wlan_qct_sys.h b/CORE/SYS/common/inc/wlan_qct_sys.h
index bf8c468..8264126 100644
--- a/CORE/SYS/common/inc/wlan_qct_sys.h
+++ b/CORE/SYS/common/inc/wlan_qct_sys.h
@@ -103,6 +103,7 @@
SYS_MSG_ID_RX_TIMER,
SYS_MSG_ID_MC_STOP,
+ SYS_MSG_ID_FTM_RSP,
} SYS_MSG_ID;
diff --git a/CORE/SYS/common/src/wlan_qct_sys.c b/CORE/SYS/common/src/wlan_qct_sys.c
index c60d8df..e39613d 100644
--- a/CORE/SYS/common/src/wlan_qct_sys.c
+++ b/CORE/SYS/common/src/wlan_qct_sys.c
@@ -95,7 +95,6 @@
// Cookie for SYS messages. Note that anyone posting a SYS Message has to
// write the COOKIE in the reserved field of the message. The SYS Module
// relies on this COOKIE
-#define SYS_MSG_ID_FTM_RSP 11
#define FTM_SYS_MSG_COOKIE 0xFACE
#define SYS_MSG_COOKIE ( 0xFACE )
@@ -614,7 +613,14 @@
** It is up to the callee to free it
*/
- VOS_ASSERT(NULL != pMsg);
+
+ if (NULL == pMsg)
+ {
+ VOS_TRACE( VOS_MODULE_ID_SYS, VOS_TRACE_LEVEL_ERROR,
+ "NULL Message Pointer");
+ VOS_ASSERT(0);
+ return;
+ }
switch (pMsg->type)
diff --git a/CORE/SYS/legacy/src/platform/src/VossWrapper.c b/CORE/SYS/legacy/src/platform/src/VossWrapper.c
index e9c3f8f..be04bb9 100644
--- a/CORE/SYS/legacy/src/platform/src/VossWrapper.c
+++ b/CORE/SYS/legacy/src/platform/src/VossWrapper.c
@@ -284,12 +284,22 @@
{
TX_TIMER *timer_ptr = (TX_TIMER *)functionContext;
- VOS_ASSERT(NULL != timer_ptr);
- VOS_ASSERT(NULL != timer_ptr->pExpireFunc);
+ if (NULL == timer_ptr)
+ {
+ VOS_ASSERT(0);
+ return;
+ }
+
+
+ if (NULL == timer_ptr->pExpireFunc)
+ {
+ VOS_ASSERT(0);
+ return;
+ }
VOS_TRACE(VOS_MODULE_ID_SYS, VOS_TRACE_LEVEL_INFO,
- "Timer %s triggered\n", TIMER_NAME);
+ "Timer %s triggered", TIMER_NAME);
// Now call the actual timer function, taking the function pointer,
// from the timer structure.
@@ -306,7 +316,7 @@
if (VOS_STATUS_SUCCESS != status)
{
VOS_TRACE(VOS_MODULE_ID_SYS, VOS_TRACE_LEVEL_WARN,
- "Unable to reschedule timer %s; status=%d\n", TIMER_NAME, status);
+ "Unable to reschedule timer %s; status=%d", TIMER_NAME, status);
}
}
} /*** tx_timer_change() ***/
@@ -403,7 +413,7 @@
#ifdef WLAN_DEBUG
// Store the timer name
- vos_mem_copy(timer_ptr->timerName, name_ptr, sizeof(timer_ptr->timerName));
+ strlcpy(timer_ptr->timerName, name_ptr, sizeof(timer_ptr->timerName));
#endif // Store the timer name, for Debug build only
status = vos_timer_init( &timer_ptr->vosTimer, VOS_TIMER_TYPE_SW,
diff --git a/CORE/SYS/legacy/src/utils/src/parserApi.c b/CORE/SYS/legacy/src/utils/src/parserApi.c
index 3580971..0a6a60e 100644
--- a/CORE/SYS/legacy/src/utils/src/parserApi.c
+++ b/CORE/SYS/legacy/src/utils/src/parserApi.c
@@ -2263,7 +2263,7 @@
}
if ( ar->OperatingMode.present )
{
- palCopyMemory( pMac, &pAssocReq->operMode, &ar->OperatingMode, sizeof( tDot11fIEVHTCaps ) );
+ palCopyMemory( pMac, &pAssocReq->operMode, &ar->OperatingMode, sizeof (tDot11fIEOperatingMode));
limLog( pMac, LOGW, FL("Received Assoc Req with Operating Mode IE\n"));
limLogOperatingMode( pMac, &pAssocReq->operMode);
}