From 9c5c6132f6c54eaf54d271a2387ad1a13a0f2a61 Mon Sep 17 00:00:00 2001
From: Abhiram Jogadenu <ajogaden@codeaurora.org>
Date: Mon, 14 May 2018 17:13:28 +0530
Subject: [PATCH] qcacmn: Check to validate wmi tartget_type

This target type is used as an array index for wmi_attach_register.
If the index is greater than or equal to  WMI_MAX_TARGET_TYPE,
it may lead to invalid memory access.
KW issue id is 294041

Change-Id: Ibb49d77413517173c24aae44ae5a3f17069425d2
---
 wmi/src/wmi_unified.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wmi/src/wmi_unified.c b/wmi/src/wmi_unified.c
index 006154c1c6..0ced7e7f22 100644
--- a/wmi/src/wmi_unified.c
+++ b/wmi/src/wmi_unified.c
@@ -2193,6 +2193,10 @@ void *wmi_unified_attach(void *scn_handle,
 				param->rx_ops->wma_process_fw_event_handler_cbk;
 	wmi_handle->target_type = param->target_type;
 	soc->target_type = param->target_type;
+
+	if (param->target_type >= WMI_MAX_TARGET_TYPE)
+		goto error;
+
 	if (wmi_attach_register[param->target_type]) {
 		wmi_attach_register[param->target_type](wmi_handle);
 	} else {