[DTV00857290][[DTV][Coverity Scanned Code Defect] 15367: Out-of-bounds write]
[Description]
Fix
1. cid 96560 "Missing break in switch"
2. cid 96558 "Dereference after null check"
3. cid 15680 "Missing break in switch"
4. cid 15139 "Logically dead code" in scan.c
Change-Id: Ie1d8311586d5747498dbb40f7d2e898a62648a01
Signed-off-by: Danny Wu <danny.wu@mediatek.com>
CR-Id: DTV00857290
Signed-off-by: Awk Jiang <awk.jiang@mediatek.com>
(cherry picked from commit e129864afd708a47f8c8abbf478c2d29f3da5176)
diff --git a/mgmt/scan.c b/mgmt/scan.c
index c38a6c4..1d5d91c 100644
--- a/mgmt/scan.c
+++ b/mgmt/scan.c
@@ -549,11 +549,13 @@
u4RemoveTime = u4RemoveTime / 2;
} while (u4RemoveTime > 0);
- COPY_SSID(prRoamBssDesc->aucSSID, prRoamBssDesc->ucSSIDLen,
- prBssDesc->aucSSID, prBssDesc->ucSSIDLen);
+ if (prRoamBssDesc != NULL)
+ COPY_SSID(prRoamBssDesc->aucSSID, prRoamBssDesc->ucSSIDLen,
+ prBssDesc->aucSSID, prBssDesc->ucSSIDLen);
}
- GET_CURRENT_SYSTIME(&prRoamBssDesc->rUpdateTime);
+ if (prRoamBssDesc != NULL)
+ GET_CURRENT_SYSTIME(&prRoamBssDesc->rUpdateTime);
}
@@ -632,68 +634,64 @@
switch (eBSSType) {
case BSS_TYPE_P2P_DEVICE:
fgCheckSsid = FALSE;
+ /* fall through */
case BSS_TYPE_INFRASTRUCTURE:
#if CFG_SUPPORT_ROAMING_SKIP_ONE_AP
scanSearchBssDescOfRoamSsid(prAdapter);
+ /* fall through */
#endif
case BSS_TYPE_BOW_DEVICE:
- {
- prBssDesc = scanSearchBssDescByBssidAndSsid(prAdapter, aucBSSID, fgCheckSsid, prSsid);
+ prBssDesc = scanSearchBssDescByBssidAndSsid(prAdapter, aucBSSID, fgCheckSsid, prSsid);
- /* if (eBSSType == prBssDesc->eBSSType) */
+ /* if (eBSSType == prBssDesc->eBSSType) */
- return prBssDesc;
- }
-
+ return prBssDesc;
case BSS_TYPE_IBSS:
- {
- prIBSSBssDesc = scanSearchBssDescByBssidAndSsid(prAdapter, aucBSSID, fgCheckSsid, prSsid);
- prBssDesc = scanSearchBssDescByTAAndSsid(prAdapter, aucSrcAddr, fgCheckSsid, prSsid);
+ prIBSSBssDesc = scanSearchBssDescByBssidAndSsid(prAdapter, aucBSSID, fgCheckSsid, prSsid);
+ prBssDesc = scanSearchBssDescByTAAndSsid(prAdapter, aucSrcAddr, fgCheckSsid, prSsid);
- /* NOTE(Kevin):
- * Rules to maintain the SCAN Result:
- * For AdHoc -
- * CASE I We have TA1(BSSID1), but it change its BSSID to BSSID2
- * -> Update TA1 entry's BSSID.
- * CASE II We have TA1(BSSID1), and get TA1(BSSID1) again
- * -> Update TA1 entry's contain.
- * CASE III We have a SCAN result TA1(BSSID1), and TA2(BSSID2). Sooner or
- * later, TA2 merge into TA1, we get TA2(BSSID1)
- * -> Remove TA2 first and then replace TA1 entry's TA with TA2,
- * Still have only one entry of BSSID.
- * CASE IV We have a SCAN result TA1(BSSID1), and another TA2 also merge into BSSID1.
- * -> Replace TA1 entry's TA with TA2, Still have only one entry.
- * CASE V New IBSS
- * -> Add this one to SCAN result.
- */
- if (prBssDesc) {
- if ((!prIBSSBssDesc) || /* CASE I */
- (prBssDesc == prIBSSBssDesc)) { /* CASE II */
+ /* NOTE(Kevin):
+ * Rules to maintain the SCAN Result:
+ * For AdHoc -
+ * CASE I We have TA1(BSSID1), but it change its BSSID to BSSID2
+ * -> Update TA1 entry's BSSID.
+ * CASE II We have TA1(BSSID1), and get TA1(BSSID1) again
+ * -> Update TA1 entry's contain.
+ * CASE III We have a SCAN result TA1(BSSID1), and TA2(BSSID2). Sooner or
+ * later, TA2 merge into TA1, we get TA2(BSSID1)
+ * -> Remove TA2 first and then replace TA1 entry's TA with TA2,
+ * Still have only one entry of BSSID.
+ * CASE IV We have a SCAN result TA1(BSSID1), and another TA2 also merge into BSSID1.
+ * -> Replace TA1 entry's TA with TA2, Still have only one entry.
+ * CASE V New IBSS
+ * -> Add this one to SCAN result.
+ */
+ if (prBssDesc) {
+ if ((!prIBSSBssDesc) || /* CASE I */
+ (prBssDesc == prIBSSBssDesc)) { /* CASE II */
- return prBssDesc;
- }
-
-
- prBSSDescList = &prScanInfo->rBSSDescList;
- prFreeBSSDescList = &prScanInfo->rFreeBSSDescList;
-
- /* Remove this BSS Desc from the BSS Desc list */
- LINK_REMOVE_KNOWN_ENTRY(prBSSDescList, prBssDesc);
-
- /* Return this BSS Desc to the free BSS Desc list. */
- LINK_INSERT_TAIL(prFreeBSSDescList, &prBssDesc->rLinkEntry);
-
- return prIBSSBssDesc;
+ return prBssDesc;
}
- if (prIBSSBssDesc) { /* CASE IV */
- return prIBSSBssDesc;
- }
- /* CASE V */
- break; /* Return NULL; */
+ prBSSDescList = &prScanInfo->rBSSDescList;
+ prFreeBSSDescList = &prScanInfo->rFreeBSSDescList;
+
+ /* Remove this BSS Desc from the BSS Desc list */
+ LINK_REMOVE_KNOWN_ENTRY(prBSSDescList, prBssDesc);
+
+ /* Return this BSS Desc to the free BSS Desc list. */
+ LINK_INSERT_TAIL(prFreeBSSDescList, &prBssDesc->rLinkEntry);
+
+ return prIBSSBssDesc;
}
+ if (prIBSSBssDesc) { /* CASE IV */
+
+ return prIBSSBssDesc;
+ }
+ /* CASE V */
+ break; /* Return NULL; */
default:
break;
}
@@ -1862,7 +1860,7 @@
prBssDesc = scanAddToBssDesc(prAdapter, prSwRfb);
if (prBssDesc) {
-
+#if CFG_SUPPORT_BEACON_CHANGE_DETECTION
/* 4 <1.1> Beacon Change Detection for Connected BSS */
if (prAisBssInfo->eConnectionState == PARAM_MEDIA_STATE_CONNECTED &&
((prBssDesc->eBSSType == BSS_TYPE_INFRASTRUCTURE && prConnSettings->eOPMode != NET_TYPE_IBSS)
@@ -1872,16 +1870,15 @@
prAisBssInfo->ucSSIDLen)) {
BOOLEAN fgNeedDisconnect = FALSE;
-#if CFG_SUPPORT_BEACON_CHANGE_DETECTION
/* <1.1.2> check if supported rate differs */
if (prAisBssInfo->u2OperationalRateSet != prBssDesc->u2OperationalRateSet)
fgNeedDisconnect = TRUE;
-#endif
/* <1.1.3> beacon content change detected, disconnect immediately */
if (fgNeedDisconnect == TRUE)
aisBssBeaconTimeout(prAdapter);
}
+#endif
/* 4 <1.1> Update AIS_BSS_INFO */
if (((prBssDesc->eBSSType == BSS_TYPE_INFRASTRUCTURE && prConnSettings->eOPMode != NET_TYPE_IBSS)
|| (prBssDesc->eBSSType == BSS_TYPE_IBSS && prConnSettings->eOPMode != NET_TYPE_INFRA))) {
