This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git


The following commit(s) were added to refs/heads/master by this push:
     new 21e7a9dc9 Fixed the error that when the driver scan result is empty, 
iwe_stream->len is a random number because the user data buf is not initialized.
21e7a9dc9 is described below

commit 21e7a9dc9e975b8b505d356a63f1f51ebb2c2ba3
Author: wangyingdong <[email protected]>
AuthorDate: Wed Aug 30 16:37:32 2023 +0800

    Fixed the error that when the driver scan result is empty, iwe_stream->len 
is a random number because the user data buf is not initialized.
    
    Signed-off-by: wangyingdong <[email protected]>
---
 wireless/wapi/src/wireless.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/wireless/wapi/src/wireless.c b/wireless/wapi/src/wireless.c
index 13776e535..87bfb4d0b 100644
--- a/wireless/wapi/src/wireless.c
+++ b/wireless/wapi/src/wireless.c
@@ -267,15 +267,16 @@ static int wapi_event_stream_extract(FAR struct 
wapi_event_stream_s *stream,
   int ret = 1;
   FAR struct iw_event *iwe_stream;
 
-  if (stream->current + offsetof(struct iw_event, u) > stream->end)
+  iwe_stream = (FAR struct iw_event *)stream->current;
+
+  if (stream->current + offsetof(struct iw_event, u) > stream->end ||
+      iwe_stream->len == 0)
     {
       /* Nothing to process */
 
       return 0;
     }
 
-  iwe_stream = (FAR struct iw_event *)stream->current;
-
   if (stream->current + iwe_stream->len > stream->end ||
       iwe_stream->len < offsetof(struct iw_event, u))
     {
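Review bot: The new `iwe_stream->len == 0` test is safe only because it is the right-hand operand of `||` and so runs after the bounds test on `stream->current`. With the cast now hoisted above the `if`, that ordering is easy to break in a later edit and deserves a comment such as `/* len is read only once the event header is known to fit */`. The sum `stream->current + offsetof(struct iw_event, u)` can also form a pointer beyond the end of the buffer before it is compared. Testing the remaining bytes instead, `(size_t)(stream->end - stream->current) < offsetof(struct iw_event, u)`, avoids that. The function body continues outside the hunk.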
@@ -1315,14 +1316,15 @@ int wapi_scan_coll(int sock, FAR const char *ifname,
   WAPI_VALIDATE_PTR(aps);
 
   buflen = CONFIG_WIRELESS_WAPI_SCAN_MAX_DATA;
-  buf = malloc(buflen * sizeof(char));
+  buf = malloc(buflen);
   if (!buf)
     {
       WAPI_STRERROR("malloc()");
       return -ENOMEM;
     }
 
-alloc:
+retry:
+  memset(buf, 0, buflen);
 
   /* Collect results. */
 
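Review bot: The `memset(buf, 0, buflen)` under `retry:` has no comment explaining why it is needed, and the reason is in another function: wapi_event_stream_extract() now treats a zero `len` as end of stream. A comment such as `/* Zero-fill so bytes the driver did not write parse as a zero-length event, not stale heap data */` would record that dependency. If the ioctl reports how many bytes it wrote (not visible in this hunk), bounding the parse by that length would be sturdier than relying on the zero fill alone.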
@@ -1337,16 +1339,16 @@ alloc:
       FAR char *tmp;
 
       buflen *= 2;
-      tmp = realloc(buf, buflen);
+      tmp = malloc(buflen);
+      free(buf);
       if (!tmp)
         {
-          WAPI_STRERROR("realloc()");
-          free(buf);
+          WAPI_STRERROR("malloc()");
           return -ENOMEM;
         }
 
       buf = tmp;
-      goto alloc;
+      goto retry;
     }
 
   /* There is still something wrong. It's either EAGAIN or some other ioctl()
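Review bot: `buflen *= 2` followed by `goto retry` has no upper limit, so a driver that keeps asking for a larger buffer drives the loop until `malloc()` fails or the multiplication overflows. The declaration of `buflen` is outside the hunk, so its type is not visible. A cap before doubling would bound this, e.g. `if (buflen > WAPI_SCAN_BUFLEN_LIMIT / 2) { free(buf); return -E2BIG; }`, where `WAPI_SCAN_BUFLEN_LIMIT` is a placeholder for a limit the project would choose. The condition that enters this block is also outside the hunk.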
