From b91e6eb90fdc7ccb49bfdea290a1bd31a6c92a7a Mon Sep 17 00:00:00 2001 From: Naveen Rawat Date: Sat, 6 Jan 2018 17:36:16 -0800 Subject: [PATCH] qcacld-3.0: Fix out buffer overflow and un-intialized variable access In function pmo_core_send_lphb_enable check index before accessing array. In function pmo_core_is_wow_applicable initialize vaiable before access. Change-Id: Iadba3175d10da3e4e311d8ab9e8a850053d3da24 CRs-Fixed: 2162257 --- components/pmo/core/src/wlan_pmo_lphb.c | 4 ++-- components/pmo/core/src/wlan_pmo_wow.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/pmo/core/src/wlan_pmo_lphb.c b/components/pmo/core/src/wlan_pmo_lphb.c index 13ffb36fb2..ddbcfafe8e 100644 --- a/components/pmo/core/src/wlan_pmo_lphb.c +++ b/components/pmo/core/src/wlan_pmo_lphb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -59,7 +59,7 @@ static QDF_STATUS pmo_core_send_lphb_enable(struct wlan_objmgr_psoc *psoc, } /* target already configured, now cache command status */ - if (ts_lphb_enable->enable) { + if (ts_lphb_enable->enable && ts_lphb_enable->item > 0) { i = ts_lphb_enable->item - 1; qdf_spin_lock_bh(&psoc_ctx->lock); psoc_ctx->wow.lphb_cache[i].cmd diff --git a/components/pmo/core/src/wlan_pmo_wow.c b/components/pmo/core/src/wlan_pmo_wow.c index 667f4e4420..615e80486f 100644 --- a/components/pmo/core/src/wlan_pmo_wow.c +++ b/components/pmo/core/src/wlan_pmo_wow.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -262,7 +262,7 @@ bool pmo_core_is_wow_applicable(struct wlan_objmgr_psoc *psoc) { int vdev_id; struct wlan_objmgr_vdev *vdev; - bool is_wow_applicable; + bool is_wow_applicable = false; QDF_STATUS status; if (!psoc) {