qcacmn: Fix multiple free of a single memory and memory leak in scan
MBSSID beacon support change 2371483 caused multiple free of
scan_list in failure cases. Also only memory for scan_list was
freed without freeing any scan entries in scan_list.
Fix multiple free of scan_list by multiple functions and free
each scan entry in scan_list before freeing scan_list memory itself.
Change-Id: I113391629f544b7accb9a4d1b7aaea11624e0d6e
CRs-Fixed: 2295311
diff --git a/umac/scan/dispatcher/src/wlan_scan_utils_api.c b/umac/scan/dispatcher/src/wlan_scan_utils_api.c
index 51608af..91e420b 100644
--- a/umac/scan/dispatcher/src/wlan_scan_utils_api.c
+++ b/umac/scan/dispatcher/src/wlan_scan_utils_api.c
@@ -980,7 +980,6 @@
scan_entry = qdf_mem_malloc_atomic(sizeof(*scan_entry));
if (!scan_entry) {
scm_err("failed to allocate memory for scan_entry");
- qdf_mem_free(scan_list);
return QDF_STATUS_E_NOMEM;
}
scan_entry->raw_frame.ptr =
@@ -988,7 +987,6 @@
if (!scan_entry->raw_frame.ptr) {
scm_err("failed to allocate memory for frame");
qdf_mem_free(scan_entry);
- qdf_mem_free(scan_list);
return QDF_STATUS_E_NOMEM;
}
@@ -1380,7 +1378,8 @@
struct mgmt_rx_event_params *rx_param,
qdf_list_t *scan_list)
{
- return QDF_STATUS_SUCCESS;
+ return util_scan_gen_scan_entry(pdev, frame, frame_len,
+ frm_subtype, rx_param, scan_list);
}
#endif
@@ -1409,13 +1408,14 @@
*/
if (util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
(uint8_t *)&bcn->ie, ie_len))
- util_scan_parse_mbssid(pdev, frame, frame_len,
- frm_subtype, rx_param, scan_list);
-
- status = util_scan_gen_scan_entry(pdev, frame, frame_len,
- frm_subtype, rx_param, scan_list);
+ status = util_scan_parse_mbssid(pdev, frame, frame_len,
+ frm_subtype, rx_param,
+ scan_list);
+ else
+ status = util_scan_gen_scan_entry(pdev, frame, frame_len,
+ frm_subtype, rx_param,
+ scan_list);
if (QDF_IS_STATUS_ERROR(status)) {
- qdf_mem_free(scan_list);
scm_err("Failed to create a scan entry");
}
@@ -1441,7 +1441,7 @@
frm_subtype, rx_param,
scan_list);
if (QDF_IS_STATUS_ERROR(status)) {
- qdf_mem_free(scan_list);
+ ucfg_scan_purge_results(scan_list);
return NULL;
}