qcacld-3.0: Invalid rem_len computation in roam stats evt handler

rem_len is calculated based on MAX size of the WMI message
(WMI_SVC_MSG_MAX_SIZE) while extracting data from
WMI_ROAM_STATS_EVENTID event data.

Correct this by considering the actual message length
received in the event.

Change-Id: If24f732a8fdc0ad403e9b8a936ff8cfa0b7f7737
CRs-Fixed: 3035196
VIJAY RAJ
2021-09-20 15:42:25 +05:30
committed by Madan Koyyalamudi
parent 9f4d7dddec
commit 7862b826b2
2 changed files with 2 additions and 2 deletions

@@ -2886,7 +2886,7 @@ extract_roam_stats_event_tlv(wmi_unified_t wmi_handle, uint8_t *evt_buf,
num_tlv = MAX_ROAM_SCAN_STATS_TLV;
}
rem_len = WMI_SVC_MSG_MAX_SIZE - sizeof(*fixed_param);
rem_len = len - sizeof(*fixed_param);
if (rem_len < num_tlv * sizeof(wmi_roam_trigger_reason)) {
wmi_err_rl("Invalid roam trigger data");
return QDF_STATUS_E_INVAL;
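
Review bot: the new `rem_len = len - sizeof(*fixed_param);` subtracts with no check in this hunk that `len` is at least `sizeof(*fixed_param)`. If `len` and `rem_len` are unsigned, an event shorter than the fixed param wraps `rem_len` to a very large value, and the following `rem_len < num_tlv * sizeof(wmi_roam_trigger_reason)` test then passes for any `num_tlv`, which leaves the length validation ineffective for exactly the short messages it is meant to reject. Unless the function already validates this above the visible context, add `if (len < sizeof(*fixed_param)) return QDF_STATUS_E_INVAL;` before the subtraction. The commit message would also benefit from stating where `len` comes from, so a reader can confirm it is the received event length and not a caller-supplied maximum.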