qcacmn: Check smode value to avoid OOB read

It doesn't check smode before used as array index, the potential risk is that OOB read or write once get invalid value from target. So, this change checks smode value before using. Change-Id: Ibc0625f43e31bc8b49694cca778726c6528290a8 CRs-Fixed: 3034136
2021-09-13 22:32:42 +08:00
parent 2b8f8e7ee5
commit 8e18b21f89
1 changed files with 6 additions and 0 deletions
--- a/target_if/spectral/target_if_spectral.c
+++ b/target_if/spectral/target_if_spectral.c
@@ -6491,6 +6491,12 @@ target_if_spectral_fw_param_event_handler(ol_scn_t scn, uint8_t *data_buf,
 		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
 	}

+	if (event_params.smode >= SPECTRAL_SCAN_MODE_MAX ||
+	    event_params.smode < SPECTRAL_SCAN_MODE_NORMAL) {
+		spectral_err("Invalid smode %d", event_params.smode);
+		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
+	}
+
 	pdev = wlan_objmgr_get_pdev_by_id(psoc, event_params.pdev_id,
 					  WLAN_SPECTRAL_ID);
 	if (!pdev) {