samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Fix possible OOB access for tx_hw_desc_history

Browse Source 
Memory allocated for tx_hw_desc_history uses incorrect
size parameter resulting in much lower memory to get
assigned. This will result in OOB access and corruptions
in memory, regions post the trailing boundary when updating
tx hw desc events via dp_tx_hw_desc_update_evt.

Fix is to use the appropriate memory size for tx_hw_desc_history
and add NULL check in dp_tx_hw_desc_update_evt.

Change-Id: I97af7898cf8bf1b24978d559f84a2a3d00227ed8
CRs-Fixed: 2952859
This commit is contained in:
Yeshwanth Sriram Guntuka
2021-05-24 18:38:10 +05:30
committed by Madan Koyyalamudi
parent bbd65e7a59
commit 27212c73fe
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dp/wifi3.0/dp_main.c
View File

@@ -4541,7 +4541,7 @@ static void dp_soc_tx_hw_desc_history_attach(struct dp_soc *soc)
{
soc->tx_hw_desc_history = dp_context_alloc_mem(
soc, DP_TX_HW_DESC_HIST_TYPE,
sizeof(struct dp_tx_hw_desc_evt));
sizeof(*soc->tx_hw_desc_history));
if (soc->tx_hw_desc_history)
soc->tx_hw_desc_history->index = 0;
}