Google Git
Sign in
coral / mt7668-wifi-mod / d4b5a7ef29f6a02f58ad0fcdaf7f0e31da981ae6^! / .
commitd4b5a7ef29f6a02f58ad0fcdaf7f0e31da981ae6[log] [tgz]
authorAwk Jiang <awk.jiang@mediatek.com>Fri Jun 16 14:56:36 2017 +0800
committerAwk Jiang <awk.jiang@mediatek.com>Mon Jun 19 16:13:15 2017 +0800
treef0cbc512585731c0219e10712ca8d716ac443341
parenta42f2533203d70fe31ff6ddef2b88c9e71c3b929 [diff]
[DTV00857290][[DTV][Coverity Scanned Code Defect] 15367: Out-of-bounds write]

[Description]
Fix cid 69928 "Explicit null dereferenced"

Change-Id: Ib207177da00b9a80acf8fd4687b569a64e7f5ad3
CR-Id: DTV00857290
Signed-off-by: Danny Wu <danny.wu@mediatek.com>
Signed-off-by: Awk Jiang <awk.jiang@mediatek.com>
(cherry picked from commit 5075fad518c549e8ec57e61bd0adfb2bbf9cf43e)

diff --git a/mgmt/p2p_dev_fsm.c b/mgmt/p2p_dev_fsm.c
index 219569b..40230e7 100644
--- a/mgmt/p2p_dev_fsm.c
+++ b/mgmt/p2p_dev_fsm.c

@@ -297,7 +297,19 @@
 {
 	BOOLEAN fgIsLeaveState = (BOOLEAN) FALSE;
 
+	ASSERT(prP2pDevFsmInfo);
+	if (!prP2pDevFsmInfo) {
+		DBGLOG(P2P, ERROR, "prP2pDevFsmInfo is NULL!\n");
+		return;
+	}
+
 	ASSERT(prP2pDevFsmInfo->ucBssIndex == P2P_DEV_BSS_INDEX);
+	if (prP2pDevFsmInfo->ucBssIndex != P2P_DEV_BSS_INDEX) {
+		DBGLOG(P2P, ERROR,
+			"prP2pDevFsmInfo->ucBssIndex %s should be P2P_DEV_BSS_INDEX(%d)!\n",
+			prP2pDevFsmInfo->ucBssIndex, P2P_DEV_BSS_INDEX);
+		return;
+	}
 
 	do {
 		if (!IS_BSS_ACTIVE(prAdapter->aprBssInfo[prP2pDevFsmInfo->ucBssIndex])) {

diff --git a/mgmt/p2p_dev_state.c b/mgmt/p2p_dev_state.c
index 0faf994..56570a8 100644
--- a/mgmt/p2p_dev_state.c
+++ b/mgmt/p2p_dev_state.c

@@ -321,19 +321,18 @@
 {
 	P_P2P_OFF_CHNL_TX_REQ_INFO_T prP2pOffChnlTxPkt = (P_P2P_OFF_CHNL_TX_REQ_INFO_T) NULL;
 
-	do {
-		ASSERT_BREAK((prAdapter != NULL) && (prP2pMgmtTxInfo != NULL) && (prChnlReqInfo != NULL));
+	if (eNextState != P2P_DEV_STATE_OFF_CHNL_TX) {
+		while (!LINK_IS_EMPTY(&(prP2pMgmtTxInfo->rP2pTxReqLink))) {
+			LINK_REMOVE_HEAD(&(prP2pMgmtTxInfo->rP2pTxReqLink),
+					 prP2pOffChnlTxPkt, P_P2P_OFF_CHNL_TX_REQ_INFO_T);
 
-		if (eNextState != P2P_DEV_STATE_OFF_CHNL_TX) {
-			while (!LINK_IS_EMPTY(&(prP2pMgmtTxInfo->rP2pTxReqLink))) {
-				LINK_REMOVE_HEAD(&(prP2pMgmtTxInfo->rP2pTxReqLink),
-						 prP2pOffChnlTxPkt, P_P2P_OFF_CHNL_TX_REQ_INFO_T);
-
+			if (!prP2pOffChnlTxPkt)
 				kalP2PIndicateMgmtTxStatus(prAdapter->prGlueInfo,
-							   prP2pOffChnlTxPkt->prMgmtTxMsdu, FALSE);
-			}
-
-			p2pFuncReleaseCh(prAdapter, P2P_DEV_BSS_INDEX, prChnlReqInfo);
+						   prP2pOffChnlTxPkt->prMgmtTxMsdu, FALSE);
+			else
+				DBGLOG(P2P, INFO, "No packet for indicating Tx status!\n");
 		}
-	} while (FALSE);
+
+		p2pFuncReleaseCh(prAdapter, P2P_DEV_BSS_INDEX, prChnlReqInfo);
+	}
 }				/* p2pDevSateAbort_OFF_CHNL_TX */