Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qca-wifi-host-cmn / c341ca71a1328dd1001995aed7c239df913f4dec^! / . / umac / scan / dispatcher / src / wlan_scan_utils_api.c
commitc341ca71a1328dd1001995aed7c239df913f4dec[log] [tgz]
authorOm Prakash Tripathi <otripath@codeaurora.org>Tue Aug 14 15:41:34 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Thu Aug 16 06:27:22 2018 -0700
tree1bc5917be3321a687a596746c0bd6b6b18f640b5
parent37ce7097c7d597c20163cccf505e51ad992127b1 [diff] [blame]
qcacmn: Fix multiple free of a single memory and memory leak in scan

MBSSID beacon support change 2371483 caused multiple free of
scan_list in failure cases. Also only memory for scan_list was
freed without freeing any scan entries in scan_list.
Fix multiple free of scan_list by multiple functions and free
each scan entry in scan_list before freeing scan_list memory itself.

Change-Id: I113391629f544b7accb9a4d1b7aaea11624e0d6e
CRs-Fixed: 2295311

diff --git a/umac/scan/dispatcher/src/wlan_scan_utils_api.c b/umac/scan/dispatcher/src/wlan_scan_utils_api.c
index 51608af..91e420b 100644
--- a/umac/scan/dispatcher/src/wlan_scan_utils_api.c
+++ b/umac/scan/dispatcher/src/wlan_scan_utils_api.c

@@ -980,7 +980,6 @@
 	scan_entry = qdf_mem_malloc_atomic(sizeof(*scan_entry));
 	if (!scan_entry) {
 		scm_err("failed to allocate memory for scan_entry");
-		qdf_mem_free(scan_list);
 		return QDF_STATUS_E_NOMEM;
 	}
 	scan_entry->raw_frame.ptr =
@@ -988,7 +987,6 @@
 	if (!scan_entry->raw_frame.ptr) {
 		scm_err("failed to allocate memory for frame");
 		qdf_mem_free(scan_entry);
-		qdf_mem_free(scan_list);
 		return QDF_STATUS_E_NOMEM;
 	}
 
@@ -1380,7 +1378,8 @@
 					 struct mgmt_rx_event_params *rx_param,
 					 qdf_list_t *scan_list)
 {
-	return QDF_STATUS_SUCCESS;
+	return util_scan_gen_scan_entry(pdev, frame, frame_len,
+					frm_subtype, rx_param, scan_list);
 }
 #endif
 
@@ -1409,13 +1408,14 @@
 	 */
 	if (util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
 			      (uint8_t *)&bcn->ie, ie_len))
-		util_scan_parse_mbssid(pdev, frame, frame_len,
-				       frm_subtype, rx_param, scan_list);
-
-	status = util_scan_gen_scan_entry(pdev, frame, frame_len,
-					  frm_subtype, rx_param, scan_list);
+		status = util_scan_parse_mbssid(pdev, frame, frame_len,
+						frm_subtype, rx_param,
+						scan_list);
+	else
+		status = util_scan_gen_scan_entry(pdev, frame, frame_len,
+						  frm_subtype, rx_param,
+						  scan_list);
 	if (QDF_IS_STATUS_ERROR(status)) {
-		qdf_mem_free(scan_list);
 		scm_err("Failed to create a scan entry");
 	}
 
@@ -1441,7 +1441,7 @@
 					      frm_subtype, rx_param,
 					      scan_list);
 	if (QDF_IS_STATUS_ERROR(status)) {
-		qdf_mem_free(scan_list);
+		ucfg_scan_purge_results(scan_list);
 		return NULL;
 	}