qcacmn: Add boundary check on TSO segments
In the error-path execution stream where number of tso segments in a tso_descriptor, there was an assumption that the number would be > 0 (normal case is 2). When it is zero, a segment at a wrong index (-1=> (4M-1)) was being unmapped, which was a bad access. Add code to make sure that the index in question is in the range. Need still to understand the reason why num_segs were smaller (0) then expected (2). Change-Id: I5d6e16f48f29c98cfb2191cf497f4203ea56a78f CRs-Fixed: 2028808
This commit is contained in:

committed by
Sandeep Puligilla

parent
07d24be439
commit
5adc058835
@@ -1944,7 +1944,10 @@ void __qdf_nbuf_unmap_tso_segment(qdf_device_t osdev,
|
|||||||
struct qdf_tso_seg_elem_t *tso_seg,
|
struct qdf_tso_seg_elem_t *tso_seg,
|
||||||
bool is_last_seg)
|
bool is_last_seg)
|
||||||
{
|
{
|
||||||
uint32_t num_frags = tso_seg->seg.num_frags - 1;
|
uint32_t num_frags = 0;
|
||||||
|
|
||||||
|
if (tso_seg->seg.num_frags > 0)
|
||||||
|
num_frags = tso_seg->seg.num_frags - 1;
|
||||||
|
|
||||||
/*Num of frags in a tso seg cannot be less than 2 */
|
/*Num of frags in a tso seg cannot be less than 2 */
|
||||||
if (num_frags < 1) {
|
if (num_frags < 1) {
|
||||||
|
Reference in New Issue
Block a user