Startseite Erkunden Hilfe
Anmelden
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

qcacld-3.0: Fix possible OOB access in ol_rx_reorder_detect_hole

Currently tid is extracted from HTT message and it is used without
check. This may cause possible OOB array read. To address this add
check for valid tid.

Change-Id: Idb03236e05fe43326f9ab46ae8368adc9a92d92a
CRs-Fixed: 2225497
Sravan Kumar Kairam vor 7 Jahren
Ursprung
24e5b21555
Commit
adbff87a09
1 geänderte Dateien mit 5 neuen und 0 gelöschten Zeilen
Gesamtansicht Diff-Statistik anzeigen
  1. 5 0
      core/dp/txrx/ol_rx_reorder.c

+ 5 - 0
core/dp/txrx/ol_rx_reorder.c
Datei anzeigen 

@@ -457,6 +457,11 @@ static void ol_rx_reorder_detect_hole(struct ol_txrx_peer_t *peer,
 
 {
 
 {
 
 	uint32_t win_sz_mask, next_rel_idx, hole_size;
 
 	uint32_t win_sz_mask, next_rel_idx, hole_size;
 
 
 
+	if (tid >= OL_TXRX_NUM_EXT_TIDS) {
 
+		ol_txrx_err("%s:  invalid tid, %u\n", __FUNCTION__, tid);
 
+		return;
 
+	}
 
+
 
 	if (peer->tids_next_rel_idx[tid] == INVALID_REORDER_INDEX)
 
 	if (peer->tids_next_rel_idx[tid] == INVALID_REORDER_INDEX)
 
 		return;
 
 		return;