|
@@ -2099,8 +2099,22 @@ static QDF_STATUS wma_unified_bcn_tmpl_send(tp_wma_handle wma,
|
|
|
tmpl_len = *(uint32_t *) &bcn_info->beacon[0];
|
|
|
else
|
|
|
tmpl_len = bcn_info->beaconLength;
|
|
|
- if (p2p_ie_len)
|
|
|
+
|
|
|
+ if (tmpl_len > WMI_BEACON_TX_BUFFER_SIZE) {
|
|
|
+ wma_err("tmpl_len: %d > %d. Invalid tmpl len", tmpl_len,
|
|
|
+ WMI_BEACON_TX_BUFFER_SIZE);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (p2p_ie_len) {
|
|
|
+ if (tmpl_len <= p2p_ie_len) {
|
|
|
+ wma_err("tmpl_len %d <= p2p_ie_len %d, Invalid",
|
|
|
+ tmpl_len, p2p_ie_len);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
tmpl_len -= (uint32_t) p2p_ie_len;
|
|
|
+ }
|
|
|
+
|
|
|
frm = bcn_info->beacon + bytes_to_strip;
|
|
|
tmpl_len_aligned = roundup(tmpl_len, sizeof(A_UINT32));
|
|
|
/*
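Review bot: Both new early exits return `-EINVAL`, but the hunk header shows wma_unified_bcn_tmpl_send is declared to return QDF_STATUS, so a negative errno reaches callers as a status enum value; `return QDF_STATUS_E_INVAL;` would keep the failure in the function's own type. The two wma_err() calls print tmpl_len with `%d` although the value is read through a `uint32_t` cast, so an oversized length taken from the beacon buffer may be logged as a negative number; `%u` fits better if tmpl_len is unsigned (its declaration is outside the hunk). The size check compares tmpl_len with WMI_BEACON_TX_BUFFER_SIZE before `bytes_to_strip` is applied and before the `roundup()` to `tmpl_len_aligned`, so it is worth confirming that the same limit also covers the bytes later read from `frm` and the aligned length. The function body starts and ends outside the hunk.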
|