samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Validate 'num_RICDataDesc' to avoid error logs

Browse Source 
qcacld-2.0 to qcacld-3.0 propagation

In sir_convert_assoc_resp_frame2_struct(), 'pAssocRsp->ricPresent' is set to
true when 'num_RICDataDesc' is 0, this causes qdf_mem_malloc() to be called
with invalid length 0.

Add change to validate 'num_RICDataDesc' to avoid above issue.

Change-Id: If5e59477efa4df01ca216904645babf769b55c47
CRs-Fixed: 2078891
This commit is contained in:
Sreelakshmi Konamki
2017-07-24 18:53:48 +05:30
committed by snandini
parent 513038eee1
commit 0ac62e88ee
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/mac/src/sys/legacy/src/utils/src/parser_api.c
View File

@@ -2874,7 +2874,7 @@ sir_convert_assoc_resp_frame2_struct(tpAniSirGlobal pMac,
sizeof(tDot11fIEFTInfo)); sizeof(tDot11fIEFTInfo));
} }
if (ar.num_RICDataDesc <= 2) { if (ar.num_RICDataDesc && ar.num_RICDataDesc <= 2) {
for (cnt = 0; cnt < ar.num_RICDataDesc; cnt++) { for (cnt = 0; cnt < ar.num_RICDataDesc; cnt++) {
if (ar.RICDataDesc[cnt].present) { if (ar.RICDataDesc[cnt].present) {
qdf_mem_copy(&pAssocRsp->RICData[cnt], qdf_mem_copy(&pAssocRsp->RICData[cnt],