From 4187b52505bea1a54f83dcc0aadc180c9f1648ef Mon Sep 17 00:00:00 2001
From: Dmitry Shmidt <dimitrysh@google.com>
Date: Tue, 23 Mar 2010 13:02:17 -0700
Subject: wl1271: Fix NULL pointer exception in Timer functions

Change-Id: I65a60c94a391d8cf91128c9552963e5ff3a2c669
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
 wl1271/utils/timer.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 70 insertions(+), 2 deletions(-)

diff --git a/wl1271/utils/timer.c b/wl1271/utils/timer.c
index 8686b256..e5e474e2 100644
--- a/wl1271/utils/timer.c
+++ b/wl1271/utils/timer.c
@@ -124,6 +124,12 @@ TI_STATUS tmr_Destroy (TI_HANDLE hTimerModule)
 {
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule;
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_Destroy(): ERROR - NULL timer!\n"));
+        return TI_NOK;
+    }
+
     /* Alert if there are still timers that were not destroyed */
     if (pTimerModule->uTimersCount)
     {
@@ -141,7 +147,7 @@ TI_STATUS tmr_Destroy (TI_HANDLE hTimerModule)
     context_LeaveCriticalSection (pTimerModule->hContext);
 
     /* free module object */
-	os_memoryFree (pTimerModule->hOs, pTimerModule, sizeof(TTimerModule));
+    os_memoryFree (pTimerModule->hOs, pTimerModule, sizeof(TTimerModule));
 	
     return TI_OK;
 }
@@ -159,6 +165,12 @@ TI_STATUS tmr_Free(TI_HANDLE hTimerModule)
 {
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule;
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_Free(): ERROR - NULL timer!\n"));
+        return TI_NOK;
+    }
+
     /* free module object */
     os_memoryFree (pTimerModule->hOs, pTimerModule, sizeof(TTimerModule));
 	
@@ -216,6 +228,12 @@ void tmr_Init (TI_HANDLE hTimerModule, TI_HANDLE hOs, TI_HANDLE hReport, TI_HAND
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule;
     TI_UINT32     uNodeHeaderOffset;
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_Init(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     pTimerModule->hOs           = hOs;
     pTimerModule->hReport       = hReport;
     pTimerModule->hContext      = hContext;
@@ -266,6 +284,12 @@ void tmr_UpdateDriverState (TI_HANDLE hTimerModule, TI_BOOL bOperState)
 {
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule;
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_UpdateDriverState(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     /* Enter critical section */
     context_EnterCriticalSection (pTimerModule->hContext);
 
@@ -317,6 +341,12 @@ TI_HANDLE tmr_CreateTimer (TI_HANDLE hTimerModule)
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule; /* The timer module handle */
     TTimerInfo   *pTimerInfo;  /* The created timer handle */
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_CreateTimer(): ERROR - NULL timer!\n"));
+        return NULL;
+    }
+
     /* Allocate timer object */
     pTimerInfo = os_memoryAlloc (pTimerModule->hOs, sizeof(TTimerInfo));
     if (!pTimerInfo)
@@ -362,8 +392,16 @@ TI_STATUS tmr_DestroyTimer (TI_HANDLE hTimerInfo)
     TTimerModule *pTimerModule;                  /* The timer module handle */
 
     if (!pTimerInfo)
+    {
         return TI_NOK;
+    }
     pTimerModule = (TTimerModule *)pTimerInfo->hTimerModule;
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_DestroyTimer(): ERROR - NULL timer!\n"));
+        return TI_NOK;
+    }
+
     /* Free the OS-API timer */
     if (pTimerInfo->hOsTimerObj) {
         os_timerDestroy (pTimerModule->hOs, pTimerInfo->hOsTimerObj);
@@ -404,6 +442,12 @@ void tmr_StartTimer (TI_HANDLE     hTimerInfo,
     TTimerInfo   *pTimerInfo   = (TTimerInfo *)hTimerInfo;                 /* The timer handle */     
     TTimerModule *pTimerModule = (TTimerModule *)pTimerInfo->hTimerModule; /* The timer module handle */
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_StartTimer(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     /* Save the timer parameters. */
     pTimerInfo->fExpiryCbFunc            = fExpiryCbFunc;
     pTimerInfo->hExpiryCbHndl            = hExpiryCbHndl;
@@ -435,6 +479,12 @@ void tmr_StopTimer (TI_HANDLE hTimerInfo)
     TTimerInfo   *pTimerInfo   = (TTimerInfo *)hTimerInfo;                 /* The timer handle */     
     TTimerModule *pTimerModule = (TTimerModule *)pTimerInfo->hTimerModule; /* The timer module handle */
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_StopTimer(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     /* Stop OS-API timer running */
     os_timerStop(pTimerModule->hOs, pTimerInfo->hOsTimerObj);
 
@@ -459,7 +509,13 @@ void tmr_StopTimer (TI_HANDLE hTimerInfo)
 void tmr_GetExpiry (TI_HANDLE hTimerInfo)
 {
     TTimerInfo   *pTimerInfo   = (TTimerInfo *)hTimerInfo;                 /* The timer handle */     
-	TTimerModule *pTimerModule = (TTimerModule *)pTimerInfo->hTimerModule; /* The timer module handle */
+    TTimerModule *pTimerModule = (TTimerModule *)pTimerInfo->hTimerModule; /* The timer module handle */
+
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_GetExpiry(): ERROR - NULL timer!\n"));
+        return;
+    }
 
     /* Enter critical section */
     context_EnterCriticalSection (pTimerModule->hContext);
@@ -511,6 +567,12 @@ void tmr_HandleExpiry (TI_HANDLE hTimerModule)
     TTimerInfo   *pTimerInfo;      /* The timer handle */     
     TI_BOOL       bTwdInitOccured; /* Indicates if TWD init occured since timer start */
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_HandleExpiry(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     while (1)
     {
         /* Enter critical section */
@@ -574,6 +636,12 @@ void tmr_PrintModule (TI_HANDLE hTimerModule)
 {
     TTimerModule *pTimerModule = (TTimerModule *)hTimerModule;
 
+    if (!pTimerModule)
+    {
+        WLAN_OS_REPORT (("tmr_PrintModule(): ERROR - NULL timer!\n"));
+        return;
+    }
+
     /* Print module parameters */
     WLAN_OS_REPORT(("tmr_PrintModule(): uContextId=%d, bOperState=%d, uTwdInitCount=%d, uTimersCount=%d\n", 
     pTimerModule->uContextId, pTimerModule->bOperState, 
-- 
cgit v1.2.3