diff options
| author | Subhani Shaik <subhanis@codeaurora.org> | 2016-03-14 12:15:32 -0700 |
|---|---|---|
| committer | Mukesh Agrawal <quiche@google.com> | 2016-03-16 17:51:59 +0000 |
| commit | c193fd5cb051a566bd1a0e9fd565504cab46ff23 (patch) | |
| tree | bb1b0fea300ac427d41d76005194df206f69a600 /qcwcn/wifi_hal/wifi_hal.cpp | |
| parent | 76bf03b613d7c1aa14ba63b1670f0c9d11c367fc (diff) | |
| download | wlan-c193fd5cb051a566bd1a0e9fd565504cab46ff23.tar.gz | |
WifiHal: Address Debug framework bugs and misc issues
Fix multiple issues
1) Extract wmsg length from nlmsg_hdr with ntohs()
2) Do not free local frame_content in get()
3) Avoid illegal memory access in wifi_set_packet_filter fn
4) Updating new enums related to WIFI Configuration
BUG: 27502434
BUG: 27595799
Change-Id: I369a6b278f3e587f07d3a57be97b61eda658104d
Diffstat (limited to 'qcwcn/wifi_hal/wifi_hal.cpp')
| -rw-r--r-- | qcwcn/wifi_hal/wifi_hal.cpp | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp index a407741..3727e0b 100644 --- a/qcwcn/wifi_hal/wifi_hal.cpp +++ b/qcwcn/wifi_hal/wifi_hal.cpp @@ -1269,15 +1269,15 @@ static wifi_error wifi_set_packet_filter(wifi_interface_handle iface, return WIFI_ERROR_INVALID_ARGS; } - ret = initialize_vendor_cmd(iface, get_requestid(), - QCA_NL80211_VENDOR_SUBCMD_PACKET_FILTER, - &vCommand); - if (ret != WIFI_SUCCESS) { - ALOGE("%s: Initialization failed", __FUNCTION__); - return (wifi_error)ret; - } - do { + ret = initialize_vendor_cmd(iface, get_requestid(), + QCA_NL80211_VENDOR_SUBCMD_PACKET_FILTER, + &vCommand); + if (ret != WIFI_SUCCESS) { + ALOGE("%s: Initialization failed", __FUNCTION__); + return (wifi_error)ret; + } + /* Add the vendor specific attributes for the NL command. */ nlData = vCommand->attr_start(NL80211_ATTR_VENDOR_DATA); if (!nlData) @@ -1317,11 +1317,16 @@ static wifi_error wifi_set_packet_filter(wifi_interface_handle iface, goto cleanup; } + /* destroy the object after sending each fragment to driver */ + delete vCommand; + vCommand = NULL; + current_offset += min(info->firmware_bus_max_size, len); } while (current_offset < len); cleanup: - delete vCommand; + if (vCommand) + delete vCommand; return (wifi_error)ret; } |