qcacld-3.0: Fix potential buffer overflow in ol_txrx_update_tx_queue_groups

Check for the validity of group_id when received the htt message of HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND from firmware to ensure the buffer overflow does not happen. Change-Id: I17ac9f37a1450f32fb080c3b22f6317b6238068c CRs-Fixed: 2148610
2018-01-18 16:48:00 +08:00
parent e512a3d763
commit 1e553e5aa3
1 changed files with 7 additions and 0 deletions
--- a/core/dp/txrx/ol_txrx.c
+++ b/core/dp/txrx/ol_txrx.c
@@ -588,6 +588,13 @@ void ol_txrx_update_tx_queue_groups(
 	u_int32_t membership;
 	struct ol_txrx_vdev_t *vdev;

+	if (group_id >= OL_TX_MAX_TXQ_GROUPS) {
+		ol_txrx_warn("%s: invalid group_id=%u, ignore update.\n",
+			__func__,
+			group_id);
+		return;
+	}
+
 	group = &pdev->txq_grps[group_id];

 	membership = OL_TXQ_GROUP_MEMBERSHIP_GET(vdev_id_mask, ac_mask);