samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix OOB access in htt_rx_ring_fill_n

Browse Source 
Validate num and idx variables to avoid OOB access.

Change-Id: I920a3cd12744055cfc8315e3b16f8564a3cf9683
CRs-Fixed: 2225604
This commit is contained in:
Rakshith Suresh Patkar
2018-05-11 18:28:59 +05:30
committed by nshrivas
parent 2d87a1c78c
commit 1273054d88
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/dp/htt/htt_rx.c
View File

@@ -398,6 +398,14 @@ static int htt_rx_ring_fill_n(struct htt_pdev_t *pdev, int num)
idx = *(pdev->rx_ring.alloc_idx.vaddr); idx = *(pdev->rx_ring.alloc_idx.vaddr);
if ((idx < 0) || (idx > pdev->rx_ring.size_mask) ||
(num > pdev->rx_ring.size)) {
QDF_TRACE(QDF_MODULE_ID_HTT,
QDF_TRACE_LEVEL_ERROR,
"%s:rx refill failed!", __func__);
return filled;
}
moretofill: moretofill:
while (num > 0) { while (num > 0) {
qdf_dma_addr_t paddr, paddr_marked; qdf_dma_addr_t paddr, paddr_marked;