From 4def39b40955bc94be17031ad593c5acdc067950 Mon Sep 17 00:00:00 2001
From: Alan Chen <quic_alache@quicinc.com>
Date: Tue, 13 Dec 2022 15:33:01 -0800
Subject: [PATCH] cnss2: Add data length validation in
 cnss_wlfw_qdss_data_send_sync()

Add a data length validation check in fw response message in
qdss_data_send_sync().

Change-Id: I197b8d52c06e35f5fcf0f8fee94429fdcf500fcb
CRs-Fixed: 3359589
---
 cnss2/qmi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cnss2/qmi.c b/cnss2/qmi.c
index 33b4537833..f9199bcafc 100644
--- a/cnss2/qmi.c
+++ b/cnss2/qmi.c
@@ -1172,7 +1172,8 @@ int cnss_wlfw_qdss_data_send_sync(struct cnss_plat_data *plat_priv, char *file_n
 		     resp->total_size == total_size) &&
 		   (resp->seg_id_valid == 1 && resp->seg_id == req->seg_id) &&
 		   (resp->data_valid == 1 &&
-		    resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01)) {
+		    resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01) &&
+		   resp->data_len <= remaining) {
 			memcpy(p_qdss_trace_data_temp,
 			       resp->data, resp->data_len);
 		} else {