From cba3b22b0d02cec76a3e421302441b55f0788aea Mon Sep 17 00:00:00 2001
From: Jakob Olsson <jakob.olsson@iopsys.eu>
Date: Wed, 31 Mar 2021 15:30:27 +0200
Subject: [PATCH] map-agent: channel scan misc memory fixes

---
 src/core/agent.c     | 4 ++--
 src/core/agent_map.c | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/core/agent.c b/src/core/agent.c
index a8065b82c..b79638c8d 100644
--- a/src/core/agent.c
+++ b/src/core/agent.c
@@ -3114,10 +3114,10 @@ void parse_scanresults(struct ubus_request *req, int type, struct blob_attr *msg
 			continue;
 		// if no neighbors, allocated
 		if (scanres_el->num_neighbors == 0) {
-			scanres_el->num_neighbors++;
-			scanres_el->nbrlist = malloc(1 * sizeof(*(scanres_el->nbrlist)));
+			scanres_el->nbrlist = calloc(1, 1 * sizeof(*(scanres_el->nbrlist)));
 			if (!scanres_el)
 				continue;
+			scanres_el->num_neighbors++;
 		}
 		// If has neighbors, allocate one addiotnal neighbor
 		else {
diff --git a/src/core/agent_map.c b/src/core/agent_map.c
index d2ec53902..4f26dbfb5 100644
--- a/src/core/agent_map.c
+++ b/src/core/agent_map.c
@@ -3019,7 +3019,9 @@ void free_scanresults_neighbors(struct wifi_radio_element *re)
 		for (k = 0; k < opclass->num_channels_scanned; k++) {
 			struct wifi_scanres_channel_element *ch_el = &opclass->channel_scanlist[k];
 
-			free(ch_el->nbrlist);
+			if (ch_el->nbrlist)
+				free(ch_el->nbrlist);
+			ch_el->nbrlist = NULL;
 			ch_el->num_neighbors = 0;
 		}
 	}
@@ -3055,8 +3057,6 @@ int handle_channel_scan_request(void *agent, struct cmdu_cstruct *cmdu)
 	char *radio_name;
 	wifi_object_t r_wobj = WIFI_OBJECT_INVALID;
 
-	free_scanresults_neighbors(radio);
-
 	for (i = 0; i < query->nbr_radios; i++) { // a->num_radios
 		radio_name = wifi_get_radio_by_mac(a, query->radio_data[i].radio_id);
 		if (!radio_name)
@@ -3067,6 +3067,7 @@ int handle_channel_scan_request(void *agent, struct cmdu_cstruct *cmdu)
 			continue;
 		ri = wifi_get_radio_index_by_mac(a, query->radio_data[i].radio_id);
 		// ubus call wifi.radio.wl0 scan
+		free_scanresults_neighbors(&a->radios[ri]);
 		ubus_call_object(a, r_wobj, "scan", NULL, &a->radios[ri]);
 		trace("Scaning radio %s neighbors...\n", wifi_get_radio_by_mac(a, query->radio_data[i].radio_id));
 	}
-- 
GitLab