Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Fix buffer overflow issue in cds_update_with_safe_channel_list

Fix the size of pcl_channels & pcl_weight array to be QDF_MAX_NUM_CHAN in
cds_get_nondfs_preferred_channel. Also make sure all the callers of
cds_get_channel_list uses QDF_MAX_NUM_CHAN as channel array size.

Change-Id: I256421f54180d1d8f9f6abd549d417e74d62add5
CRs-Fixed: 1082596
Tushnim Bhattacharyya 8 years ago
parent
9d81e7d7d5
commit
0105770430
2 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 2 2
      core/cds/src/cds_concurrency.c
  2. 1 1
      core/sap/inc/sap_api.h

+ 2 - 2
core/cds/src/cds_concurrency.c
View File 

@@ -8353,8 +8353,8 @@ uint8_t
 
 cds_get_nondfs_preferred_channel(enum cds_con_mode mode,
 
 		bool for_existing_conn)
 
 {
 
-	uint8_t pcl_channels[NUM_CHANNELS];
 
-	uint8_t pcl_weight[NUM_CHANNELS];
 
+	uint8_t pcl_channels[QDF_MAX_NUM_CHAN];
 
+	uint8_t pcl_weight[QDF_MAX_NUM_CHAN];
 
 
 	/*
 
 	 * in worst case if we can't find any channel at all

+ 1 - 1
core/sap/inc/sap_api.h
View File 

@@ -485,7 +485,7 @@ struct sap_acs_cfg {
 
 #endif
 
 
 	uint16_t   ch_width;
 
-	uint8_t    pcl_channels[NUM_CHANNELS];
 
+	uint8_t    pcl_channels[QDF_MAX_NUM_CHAN];
 
 	uint32_t   pcl_ch_count;
 
 	/* ACS Algo Output */
 
 	uint8_t    pri_ch;