commit ad6dc9b98659cdeae2410b66f09922cef65d7481
author Abhishek Singh <absingh@qti.qualcomm.com> Fri Feb 05 12:46:36 2016 +0530
committer Satyanarayana Dash <sadash@codeaurora.org> Thu Apr 28 17:01:58 2016 +0530
tree ac3685a166996a931755ce8c27645575074156c3
parent 7cd040e4b5e21732a95ceb86909bef4767aeff90

Wlan: Fix memory leak in get ibss peer info if no peer is connected

If GETIBSSPEERINFOALL is called with no peer connected, firmware
returns 0 peers. In this case the response is dropped in WDI and
WDA callback is not called.
Thus pWdaParams allocated during request in WDA is not freed.

Even if firmware returns 0 peers, call the WDA callback from WDI
to free pWdaParams

Change-Id: Ifa85b7bed7e78919f7342669810b1ef1585eb439
CRs-Fixed: 972672

CORE/WDI/CP/src/wlan_qct_wdi.c

diff --git a/CORE/WDI/CP/src/wlan_qct_wdi.c b/CORE/WDI/CP/src/wlan_qct_wdi.c
index 9d9ebe0..aa0cb2f 100644
--- a/CORE/WDI/CP/src/wlan_qct_wdi.c
+++ b/CORE/WDI/CP/src/wlan_qct_wdi.c
@@ -31531,7 +31531,7 @@
    tHalIbssPeerParams        *pHalPeerInfoParams;
    WDI_IbssPeerInfoRspParams wdiPeerInfoRspParams;
    wpt_uint32                allocSize=0;
-   WDI_IbssPeerInfoParams   *pPeerInfoParams;
+   WDI_IbssPeerInfoParams   *pPeerInfoParams = NULL;
    wpt_uint8                 wdiCount=0;
 
    /*-------------------------------------------------------------------------
@@ -31560,28 +31560,31 @@
    wdiPeerInfoRspParams.wdiNumPeers =
              ((tHalIbssPeerInfoRspParams *)pEventData->pEventData)->numOfPeers;
 
+   if (!wdiPeerInfoRspParams.wdiNumPeers) {
+      wdiPeerInfoRspParams.wdiPeerInfoParams = NULL;
+      goto error;
+   }
+   if (wdiPeerInfoRspParams.wdiNumPeers >=
+            WDI_MAX_IBSS_PEER_SUPPORED_STAS) {
+      WPAL_TRACE( eWLAN_MODULE_DAL_CTRL, eWLAN_PAL_TRACE_LEVEL_ERROR,
+             "Number of stations %d exceed max supported stations %d set max",
+              wdiPeerInfoRspParams.wdiNumPeers,
+               WDI_MAX_IBSS_PEER_SUPPORED_STAS);
+      wdiPeerInfoRspParams.wdiNumPeers =
+            WDI_MAX_IBSS_PEER_SUPPORED_STAS - 1;
+   }
    /* Size of peer info data received from DAL */
    allocSize = (sizeof(WDI_IbssPeerInfoParams) * (wdiPeerInfoRspParams.wdiNumPeers));
 
    pPeerInfoParams = (WDI_IbssPeerInfoParams*)wpalMemoryAllocate(allocSize);
 
-    if (NULL == pPeerInfoParams)
-    {
-        WPAL_TRACE( eWLAN_MODULE_DAL_CTRL,  eWLAN_PAL_TRACE_LEVEL_WARN,
-            "Failed to allocate memory in ibss peer info response %p %p %p ",
-            pWDICtx, pEventData, pEventData->pEventData);
-        WDI_ASSERT(0);
-        return WDI_STATUS_E_FAILURE;
-    }
-
-   if (wdiPeerInfoRspParams.wdiNumPeers > WDI_MAX_IBSS_PEER_SUPPORED_STAS)
+   if (NULL == pPeerInfoParams)
    {
-      WPAL_TRACE( eWLAN_MODULE_DAL_CTRL, eWLAN_PAL_TRACE_LEVEL_FATAL,
-                   "Number of stations %d exceed max supported stations %d ",
-                    wdiPeerInfoRspParams.wdiNumPeers,
-                    WDI_MAX_IBSS_PEER_SUPPORED_STAS);
-      vos_mem_free (pPeerInfoParams);
-      return WDI_STATUS_MEM_FAILURE;
+       WPAL_TRACE( eWLAN_MODULE_DAL_CTRL,  eWLAN_PAL_TRACE_LEVEL_ERROR,
+           "Failed to allocate memory in ibss peer info response %p %p %p ",
+           pWDICtx, pEventData, pEventData->pEventData);
+       wdiPeerInfoRspParams.wdiPeerInfoParams = NULL;
+       goto error;
    }
 
    for (wdiCount = 0; wdiCount < wdiPeerInfoRspParams.wdiNumPeers; wdiCount++)
@@ -31596,7 +31599,7 @@
    }
 
    wdiPeerInfoRspParams.wdiPeerInfoParams = pPeerInfoParams;
-
+error:
    /*Notify UMAC*/
    if (wdiPeerInfoCb)
    {
@@ -31604,7 +31607,8 @@
    }
 
    /* Free the allocation */
-   vos_mem_free (pPeerInfoParams);
+   if(pPeerInfoParams)
+     vos_mem_free (pPeerInfoParams);
 
    return WDI_STATUS_SUCCESS;
 }