qcacmn: Check smode value to avoid OOB read

It doesn't check smode before used as array index, the potential risk is that OOB read or write once get invalid value from target. So, this change checks smode value before using. Change-Id: Ibc0625f43e31bc8b49694cca778726c6528290a8 CRs-Fixed: 3034136
2021-09-13 22:32:42 +08:00
--- a/target_if/spectral/target_if_spectral.c
+++ b/target_if/spectral/target_if_spectral.c
@@ -6491,6 +6491,12 @@ target_if_spectral_fw_param_event_handler(ol_scn_t scn, uint8_t *data_buf,
 		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
 	}

+	if (event_params.smode >= SPECTRAL_SCAN_MODE_MAX ||
+	    event_params.smode < SPECTRAL_SCAN_MODE_NORMAL) {
+		spectral_err("Invalid smode %d", event_params.smode);
+		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
+	}
+
 	pdev = wlan_objmgr_get_pdev_by_id(psoc, event_params.pdev_id,
 					  WLAN_SPECTRAL_ID);
 	if (!pdev) {