From 3550d5a7f64b5c4575c68223225c208972b301ac Mon Sep 17 00:00:00 2001
From: Kiran Kumar Lokere <klokere@codeaurora.org>
Date: Mon, 8 Jan 2018 19:23:26 -0800
Subject: [PATCH] qcacmn: Fix possible buffer overflow in regulatory api

Check for channel list size before accessing it to avoid
possible buffer overflow

Change-Id: I2cf36adb2651a40d6e186deaef58330d1c0105ca
CRs-Fixed: 2160756
---
 umac/regulatory/core/src/reg_services.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/umac/regulatory/core/src/reg_services.c b/umac/regulatory/core/src/reg_services.c
index fa13b9e26c..1e94c5bc51 100644
--- a/umac/regulatory/core/src/reg_services.c
+++ b/umac/regulatory/core/src/reg_services.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2018 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -3815,6 +3815,8 @@ static QDF_STATUS reg_process_ch_avoid_freq(struct wlan_objmgr_psoc *psoc,
 
 	for (ch_loop = 0; ch_loop < psoc_priv_obj->unsafe_chan_list.ch_cnt;
 		ch_loop++) {
+		if (ch_loop >= NUM_CHANNELS)
+			break;
 		reg_debug("channel %d is not safe",
 			psoc_priv_obj->unsafe_chan_list.
 			ch_list[ch_loop]);