qcacmn: Check chain mask tables number valid
Chain mask tables number is from wmi service ready ext event, it is not check valid which will cause oob read arry of chain mask tables. Change-Id: I2fa0251358ed66d928477c0b55933ca028c8bd53 CRs-Fixed: 2331850
This commit is contained in:
@@ -23,6 +23,7 @@
|
|||||||
#include "wmi_version_whitelist.h"
|
#include "wmi_version_whitelist.h"
|
||||||
#include <qdf_module.h>
|
#include <qdf_module.h>
|
||||||
#include <wlan_defs.h>
|
#include <wlan_defs.h>
|
||||||
|
#include <wlan_cmn.h>
|
||||||
#include <htc_services.h>
|
#include <htc_services.h>
|
||||||
#ifdef FEATURE_WLAN_APF
|
#ifdef FEATURE_WLAN_APF
|
||||||
#include "wmi_unified_apf_tlv.h"
|
#include "wmi_unified_apf_tlv.h"
|
||||||
@@ -17045,7 +17046,8 @@ static QDF_STATUS extract_chainmask_tables_tlv(wmi_unified_t wmi_handle,
|
|||||||
if (!hw_caps)
|
if (!hw_caps)
|
||||||
return QDF_STATUS_E_INVAL;
|
return QDF_STATUS_E_INVAL;
|
||||||
|
|
||||||
if (!hw_caps->num_chainmask_tables)
|
if ((!hw_caps->num_chainmask_tables) ||
|
||||||
|
(hw_caps->num_chainmask_tables > PSOC_MAX_CHAINMASK_TABLES))
|
||||||
return QDF_STATUS_E_INVAL;
|
return QDF_STATUS_E_INVAL;
|
||||||
|
|
||||||
chainmask_caps = param_buf->mac_phy_chainmask_caps;
|
chainmask_caps = param_buf->mac_phy_chainmask_caps;
|
||||||
|
Reference in New Issue
Block a user