Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacmn: Add boundary check on TSO segments

In the error-path execution stream where number of tso segments
in a tso_descriptor, there was an assumption that the number would
be > 0 (normal case is 2). When it is zero, a segment at a wrong
index (-1=> (4M-1)) was being unmapped, which was a bad access.
Add code to make sure that the index in question is in the range.
Need still to understand the reason why num_segs were smaller (0)
then expected (2).

Change-Id: I5d6e16f48f29c98cfb2191cf497f4203ea56a78f
CRs-Fixed: 2028808
Orhan K AKYILDIZ 8 years ago
parent
07d24be439
commit
5adc058835
1 changed files with 4 additions and 1 deletions
Unified View Show Diff Stats
  1. 4 1
      qdf/linux/src/qdf_nbuf.c

+ 4 - 1
qdf/linux/src/qdf_nbuf.c
View File 

@@ -1944,7 +1944,10 @@ void __qdf_nbuf_unmap_tso_segment(qdf_device_t osdev,
 
 			  struct qdf_tso_seg_elem_t *tso_seg,
 
 			  struct qdf_tso_seg_elem_t *tso_seg,
 
 			  bool is_last_seg)
 
 			  bool is_last_seg)
 
 {
 
 {
 
-	uint32_t num_frags = tso_seg->seg.num_frags - 1;
 
+	uint32_t num_frags = 0;
 
+
 
+	if (tso_seg->seg.num_frags > 0)
 
+		num_frags = tso_seg->seg.num_frags - 1;
 
 
 
 	/*Num of frags in a tso seg cannot be less than 2 */
 
 	/*Num of frags in a tso seg cannot be less than 2 */
 
 	if (num_frags < 1) {
 
 	if (num_frags < 1) {