Fix an error where iwe_stream->len holds a random value when the driver scan result is empty, because the user data buffer (buf) was not initialized.

Signed-off-by: wangyingdong <wangyingdong@xiaomi.com>
wangyingdong 2023-08-30 16:37:32 +08:00 committed by Xiang Xiao
parent 2432a62ab6
commit 21e7a9dc9e


@ -267,15 +267,16 @@ static int wapi_event_stream_extract(FAR struct wapi_event_stream_s *stream,
int ret = 1; int ret = 1;
FAR struct iw_event *iwe_stream; FAR struct iw_event *iwe_stream;
if (stream->current + offsetof(struct iw_event, u) > stream->end) iwe_stream = (FAR struct iw_event *)stream->current;
if (stream->current + offsetof(struct iw_event, u) > stream->end ||
iwe_stream->len == 0)
{ {
/* Nothing to process */ /* Nothing to process */
return 0; return 0;
} }
iwe_stream = (FAR struct iw_event *)stream->current;
if (stream->current + iwe_stream->len > stream->end || if (stream->current + iwe_stream->len > stream->end ||
iwe_stream->len < offsetof(struct iw_event, u)) iwe_stream->len < offsetof(struct iw_event, u))
{ {
@ -1315,14 +1316,15 @@ int wapi_scan_coll(int sock, FAR const char *ifname,
WAPI_VALIDATE_PTR(aps); WAPI_VALIDATE_PTR(aps);
buflen = CONFIG_WIRELESS_WAPI_SCAN_MAX_DATA; buflen = CONFIG_WIRELESS_WAPI_SCAN_MAX_DATA;
buf = malloc(buflen * sizeof(char)); buf = malloc(buflen);
if (!buf) if (!buf)
{ {
WAPI_STRERROR("malloc()"); WAPI_STRERROR("malloc()");
return -ENOMEM; return -ENOMEM;
} }
alloc: retry:
memset(buf, 0, buflen);
/* Collect results. */ /* Collect results. */
@ -1337,16 +1339,16 @@ alloc:
FAR char *tmp; FAR char *tmp;
buflen *= 2; buflen *= 2;
tmp = realloc(buf, buflen); tmp = malloc(buflen);
free(buf);
if (!tmp) if (!tmp)
{ {
WAPI_STRERROR("realloc()"); WAPI_STRERROR("malloc()");
free(buf);
return -ENOMEM; return -ENOMEM;
} }
buf = tmp; buf = tmp;
goto alloc; goto retry;
} }
/* There is still something wrong. It's either EAGAIN or some other ioctl() /* There is still something wrong. It's either EAGAIN or some other ioctl()
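Review bot: In the first hunk (`wapi_event_stream_extract`), the new `iwe_stream->len == 0` test is only safe to read because `||` short-circuits after the bounds comparison, and it makes a zero length indistinguishable from a clean end of stream. A zero `len` in the middle of real scan data therefore ends parsing silently with `return 0` instead of reaching the `iwe_stream->len < offsetof(struct iw_event, u)` check below it. That works as a terminator for the zero-filled buffer the second hunk sets up with `memset(buf, 0, buflen)`, but it should be stated in a comment, e.g. `/* len is read only after the bounds test; len == 0 marks the zeroed tail of the scan buffer */`. Because `len` is taken from driver-supplied data, both range tests would be more robust if compared against the remaining byte count, `iwe_stream->len > (size_t)(stream->end - stream->current)`, rather than forming `stream->current + iwe_stream->len`, which can point past the buffer before the comparison happens. The function body continues outside the hunk, so what the second check returns for a malformed length is not visible here.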