samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Add sanity check to avoid len overflow issue in WMI event data

Browse Source 
In WMI/WMA, data from event buffer from FW is used without
sanity checks for upper limit in multiple places. This might
lead to a potential integer overflow further leading to buffer
corruption

Add upper bound checks for max limit of event buffer (1536)
in all affected places to prevent the potential integer
overflow

Change-Id: Ic9194a27c4a4c63fc68ff7fc61165a53e66ca4f4
CRs-Fixed: 2095545
This commit is contained in:
Varun Reddy Yeturu
2017-08-20 13:41:02 -07:00
committed by snandini
parent 29d4ef0e63
commit 1aa91d9c60
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
wmi_unified_param.h
View File

@@ -93,6 +93,7 @@
#define WMI_MSEC_TO_USEC(msec) (msec * 1000) /* msec to usec */
#define WMI_NLO_FREQ_THRESH 1000 /* in MHz */
#define WMI_SVC_MSG_MAX_SIZE 1536
#define MAX_UTF_EVENT_LENGTH 2048
#define MAX_WMI_UTF_LEN 252
#define MAX_WMI_QVIT_LEN 252