samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Fix Integer Overflow Leading to Buffer Overflow

Browse Source 
wmi_buf_alloc() API expects length to be passed of type
uint16_t. However, the callers pass uint32_t to it.
This might result in overflow and illegal memory access
thereafter. The fix is to modify the API signature accordingly.

Change-Id: If09da4978d421269b884f7d3c933c49c81651475
CRs-Fixed: 2218346
This commit is contained in:
Debasis Das
2018-04-04 17:17:55 +05:30
committed by nshrivas
parent da542178c9
commit 78495ce966
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wmi/inc/wmi_unified_api.h
View File

@@ -195,10 +195,10 @@ wmi_unified_remove_work(struct wmi_unified *wmi_handle);
#ifdef NBUF_MEMORY_DEBUG
#define wmi_buf_alloc(h, l) wmi_buf_alloc_debug(h, l, __FILE__, __LINE__)
wmi_buf_t
wmi_buf_alloc_debug(wmi_unified_t wmi_handle, uint16_t len,
wmi_buf_alloc_debug(wmi_unified_t wmi_handle, uint32_t len,
uint8_t *file_name, uint32_t line_num);
#else
wmi_buf_t wmi_buf_alloc(wmi_unified_t wmi_handle, uint16_t len);
wmi_buf_t wmi_buf_alloc(wmi_unified_t wmi_handle, uint32_t len);
#endif
/**