From 0fe9bfaf147d062c1f559fe0a9534a8e8ca06e2f Mon Sep 17 00:00:00 2001 From: Pragya Gupta Date: Mon, 10 Jul 2017 19:40:22 +0530 Subject: [PATCH] [7885]wlbt : Fix coverity issues (Critical and Major) Fix coverity issues (Critical and Major) Change-Id: I4bf05e9bb1fe4e0cbcb3997aab06383859bbf9af SCSC-Bug-Id:SSB-30512 Signed-off-by: Pragya Gupta --- gscan.cpp | 22 ++++++++++++++++------ link_layer_stats.cpp | 23 ++++++++++++++++++----- wifi_hal.cpp | 10 ++-------- wifi_offload.cpp | 8 +++++++- 4 files changed, 43 insertions(+), 20 deletions(-) diff --git a/gscan.cpp b/gscan.cpp index b6c104c..f58b59c 100755 --- a/gscan.cpp +++ b/gscan.cpp @@ -456,7 +456,7 @@ public: return result; } - + return result; } @@ -508,7 +508,7 @@ public: if(*mHandler.on_scan_event) (*mHandler.on_scan_event)(evt_type, evt_type); } else if(event_id == GSCAN_EVENT_FULL_SCAN_RESULTS) { - uint32_t bucket_scanned; + uint32_t bucket_scanned = 0; wifi_scan_result *scan_result = NULL; for (nl_iterator it(vendor_data); it.has_next(); it.next()) { if (it.get_type() == GSCAN_ATTRIBUTE_SCAN_BUCKET_BIT) { @@ -596,7 +596,10 @@ public: wifi_cached_scan_results *results, int max, int *num) : WifiCommand(iface, -1), mScans(results), mMax(max), mNum(num), mRetrieved(0), mFlush(flush), mCompleted(0) - { } + { + memset(mScanResults,0,sizeof(mScanResults)); + mNextScanResult = 0; + } int createRequest(WifiRequest& request, int num, byte flush) { int result = request.create(GOOGLE_OUI, SLSI_NL80211_VENDOR_SUBCMD_GET_SCAN_RESULTS); @@ -746,7 +749,9 @@ public: BssidHotlistCommand(wifi_interface_handle handle, int id, wifi_bssid_hotlist_params params, wifi_hotlist_ap_found_handler handler) : WifiCommand(handle, id), mParams(params), mHandler(handler) - { } + { + memset(mResults, 0, sizeof(mResults)); + } int createSetupRequest(WifiRequest& request) { int result = request.create(GOOGLE_OUI, SLSI_NL80211_VENDOR_SUBCMD_SET_BSSID_HOTLIST); @@ -858,7 +863,6 @@ public: return NL_SKIP; } - memset(mResults, 0, sizeof(wifi_scan_result) * MAX_RESULTS); int num = len / sizeof(wifi_scan_result); num = min(MAX_RESULTS, num); @@ -923,7 +927,10 @@ public: SignificantWifiChangeCommand(wifi_interface_handle handle, int id, wifi_significant_change_params params, wifi_significant_change_handler handler) : WifiCommand(handle, id), mParams(params), mHandler(handler) - { } + { + memset(mResultsBuffer,0,sizeof(mResultsBuffer)); + memset(mResults,0,sizeof(mResults)); + } int createSetupRequest(WifiRequest& request) { int result = request.create(GOOGLE_OUI, SLSI_NL80211_VENDOR_SUBCMD_SET_SIGNIFICANT_CHANGE); @@ -1115,6 +1122,7 @@ public: : WifiCommand(handle, id), mHandler(handler) { epno_params = params; + memset(&mResults,0,sizeof(wifi_scan_result)); } int createSetupRequest(WifiRequest& request) { @@ -1256,6 +1264,7 @@ public: return NL_SKIP; } + mResults = *(wifi_scan_result *) event.get_vendor_data(); if (*mHandler.on_network_found) (*mHandler.on_network_found)(id(), 1, &mResults); @@ -1310,6 +1319,7 @@ public: int num) : WifiCommand(iface, id), num_hs(num), mNetworks(NULL) { + mHandler.on_passpoint_network_found = NULL; } int createRequest(WifiRequest& request, int val) { diff --git a/link_layer_stats.cpp b/link_layer_stats.cpp index 64218e9..99ccea9 100755 --- a/link_layer_stats.cpp +++ b/link_layer_stats.cpp @@ -46,13 +46,21 @@ class LinkLayerStatsCommand : public WifiCommand public: LinkLayerStatsCommand(wifi_interface_handle handle, wifi_link_layer_params params) : WifiCommand(handle, 0), mParams(params) - { } + { + mStatsClearReqMask = 0; + mStatsClearRspMask = 0; + mStopReq = 0 ; + mStopRsp = NULL; + + } LinkLayerStatsCommand(wifi_interface_handle handle, u32 stats_clear_req_mask, u32 *stats_clear_rsp_mask, u8 stop_req, u8 *stop_rsp) : WifiCommand(handle, 0), mStatsClearReqMask(stats_clear_req_mask), mStatsClearRspMask(stats_clear_rsp_mask), mStopReq(stop_req), mStopRsp(stop_rsp) - { } + { + memset(&mParams,0,sizeof(wifi_link_layer_params)); + } int createSetRequest(WifiRequest& request) { int result = request.create(GOOGLE_OUI, SLSI_NL80211_VENDOR_SUBCMD_LLS_SET_INFO); @@ -210,11 +218,16 @@ protected: // assuming max peers is 16 wifi_iface_stat *iface_stat = (wifi_iface_stat *) malloc(sizeof(wifi_iface_stat) + sizeof(wifi_peer_info) * 16); + if (!iface_stat) { + ALOGE("Memory alloc failed for iface_stat in response handler!!!"); + return NL_SKIP; + } + // max channel is 38 (14 2.4GHz and 24 5GHz) wifi_radio_stat *radio_stat = (wifi_radio_stat *) malloc(sizeof(wifi_radio_stat) + sizeof(wifi_channel_stat) * 38); - - if (!iface_stat || !radio_stat) { - ALOGE("Memory alloc failed in response handler!!!"); + if (!radio_stat) { + ALOGE("Memory alloc failed for radio_stat in response handler!!!"); + free(iface_stat); return NL_SKIP; } diff --git a/wifi_hal.cpp b/wifi_hal.cpp index e562018..d5725e2 100755 --- a/wifi_hal.cpp +++ b/wifi_hal.cpp @@ -670,11 +670,6 @@ public: ALOGI("Successfully set RSSI monitoring"); registerVendorHandler(GOOGLE_OUI, WIFI_RSSI_REPORT_EVENT); - - if (result < 0) { - unregisterVendorHandler(GOOGLE_OUI, WIFI_RSSI_REPORT_EVENT); - return result; - } ALOGI("Done!"); return result; } @@ -761,10 +756,9 @@ public: class GetFeatureSetCommand : public WifiCommand { private: - int feature_type; + feature_set *fset; - int *fm_size; - int set_size_max; + public: GetFeatureSetCommand(wifi_interface_handle handle, feature_set *set) : WifiCommand(handle, 0) diff --git a/wifi_offload.cpp b/wifi_offload.cpp index 8552959..eac0108 100755 --- a/wifi_offload.cpp +++ b/wifi_offload.cpp @@ -68,7 +68,13 @@ public: // constructor for stop sending MKeepAliveCommand(wifi_interface_handle iface, u8 index, GetCmdType cmdType) : WifiCommand(iface, 0), mIndex(index), mType(cmdType) - { } + { + mIpPkt = NULL; + mIpPktLen = 0; + mSrcMacAddr = NULL; + mDstMacAddr = NULL; + mPeriodMsec = 0; + } int createRequest(WifiRequest &request) { int result; -- 2.20.1