Fix the issues observed in static source code analysis
Resolve the generic issues observed in static source
code analysis
Change-Id: Ia16e4eae5659cff98dd40059331afe2c356fb9b5
diff --git a/CORE/MAC/src/pe/lim/limAssocUtils.c b/CORE/MAC/src/pe/lim/limAssocUtils.c
index 4a9244f..0dd2980 100644
--- a/CORE/MAC/src/pe/lim/limAssocUtils.c
+++ b/CORE/MAC/src/pe/lim/limAssocUtils.c
@@ -1649,8 +1649,16 @@
#endif // TO SUPPORT BT-AMP
/* copy operational rate set from psessionEntry */
- palCopyMemory(pMac->hHdd,(tANI_U8 *)tempRateSet.rate,(tANI_U8*)(psessionEntry->rateSet.rate), psessionEntry->rateSet.numRates);
- tempRateSet.numRates = psessionEntry->rateSet.numRates;
+ if ( psessionEntry->rateSet.numRates < SIR_MAC_RATESET_EID_MAX )
+ {
+ palCopyMemory(pMac->hHdd,(tANI_U8 *)tempRateSet.rate,(tANI_U8*)(psessionEntry->rateSet.rate), psessionEntry->rateSet.numRates);
+ tempRateSet.numRates = psessionEntry->rateSet.numRates;
+ }
+ else
+ {
+ limLog(pMac, LOGE, FL("more than SIR_MAC_RATESET_EID_MAX rates\n"));
+ goto error;
+ }
if (phyMode == WNI_CFG_PHY_MODE_11G)
{
@@ -1667,9 +1675,15 @@
}
tempRateSet2.numRates = (tANI_U8) val;
#endif
-
- palCopyMemory(pMac->hHdd,(tANI_U8 *)tempRateSet2.rate, (tANI_U8*)(psessionEntry->extRateSet.rate), psessionEntry->extRateSet.numRates);
- tempRateSet2.numRates = psessionEntry->extRateSet.numRates;
+ if (psessionEntry->extRateSet.numRates < SIR_MAC_RATESET_EID_MAX)
+ {
+ palCopyMemory(pMac->hHdd,(tANI_U8 *)tempRateSet2.rate, (tANI_U8*)(psessionEntry->extRateSet.rate), psessionEntry->extRateSet.numRates);
+ tempRateSet2.numRates = psessionEntry->extRateSet.numRates;
+ }
+ else {
+ limLog(pMac, LOGE, FL("psessionEntry->extRateSet.numRates more than SIR_MAC_RATESET_EID_MAX rates\n"));
+ goto error;
+ }
}
else
@@ -1704,7 +1718,7 @@
min = 0;
val = 0xff;
isArate = 0;
- for(j = 0;j < tempRateSet.numRates; j++)
+ for(j = 0; (j < tempRateSet.numRates) && (j < SIR_MAC_RATESET_EID_MAX); j++)
{
if ((tANI_U32) (tempRateSet.rate[j] & 0x7f) < val)
{
@@ -1927,7 +1941,7 @@
* Copy received rates in tempRateSet, the parser has ensured
* unicity of the rates so there cannot be more than 12
*/
- for(i = 0; i < pOperRateSet->numRates; i++)
+ for(i = 0; (i < pOperRateSet->numRates && i < SIR_MAC_RATESET_EID_MAX) ; i++)
{
tempRateSet.rate[i] = pOperRateSet->rate[i];
}
@@ -1947,7 +1961,7 @@
int found = 0;
int tail = tempRateSet.numRates;
- for( i = 0; i < pExtRateSet->numRates; i++ )
+ for( i = 0; (i < pExtRateSet->numRates && i < SIR_MAC_RATESET_EID_MAX); i++ )
{
found = 0;
for( j = 0; j < (tANI_U32) tail; j++ )
@@ -1976,7 +1990,7 @@
}
else
{
- for(j = 0; j < pExtRateSet->numRates; j++)
+ for(j = 0; ((j < pExtRateSet->numRates) && (j < SIR_MAC_RATESET_EID_MAX) && ((i+j) < SIR_MAC_RATESET_EID_MAX)); j++)
tempRateSet.rate[i+j] = pExtRateSet->rate[j];
tempRateSet.numRates += pExtRateSet->numRates;
@@ -1988,9 +2002,9 @@
tANI_U8 aRateIndex = 0;
tANI_U8 bRateIndex = 0;
palZeroMemory( pMac->hHdd, (tANI_U8 *) rates, sizeof(tSirSupportedRates));
- for(i = 0;i < tempRateSet2.numRates; i++)
+ for(i = 0;(i < tempRateSet2.numRates && i < SIR_MAC_RATESET_EID_MAX ); i++)
{
- for(j = 0;j < tempRateSet.numRates; j++)
+ for(j = 0;(j < tempRateSet.numRates && j < SIR_MAC_RATESET_EID_MAX); j++)
{
if ((tempRateSet2.rate[i] & 0x7F) ==
(tempRateSet.rate[j] & 0x7F))