samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Check chain mask tables number valid

Browse Source 
Chain mask tables number is from wmi service ready ext event, it is
not check valid which will cause oob read arry of chain mask tables.

Change-Id: I2fa0251358ed66d928477c0b55933ca028c8bd53
CRs-Fixed: 2331850
This commit is contained in:
Wu Gao
2018-10-12 18:16:09 +08:00
committed by nshrivas
parent 9e96f02458
commit b9a832ec33
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wmi/src/wmi_unified_tlv.c
View File

@@ -23,6 +23,7 @@
#include "wmi_version_whitelist.h" #include "wmi_version_whitelist.h"
#include <qdf_module.h> #include <qdf_module.h>
#include <wlan_defs.h> #include <wlan_defs.h>
#include <wlan_cmn.h>
#include <htc_services.h> #include <htc_services.h>
#ifdef FEATURE_WLAN_APF #ifdef FEATURE_WLAN_APF
#include "wmi_unified_apf_tlv.h" #include "wmi_unified_apf_tlv.h"
@@ -17045,7 +17046,8 @@ static QDF_STATUS extract_chainmask_tables_tlv(wmi_unified_t wmi_handle,
if (!hw_caps) if (!hw_caps)
return QDF_STATUS_E_INVAL; return QDF_STATUS_E_INVAL;
if (!hw_caps->num_chainmask_tables) if ((!hw_caps->num_chainmask_tables) ||
(hw_caps->num_chainmask_tables > PSOC_MAX_CHAINMASK_TABLES))
return QDF_STATUS_E_INVAL; return QDF_STATUS_E_INVAL;
chainmask_caps = param_buf->mac_phy_chainmask_caps; chainmask_caps = param_buf->mac_phy_chainmask_caps;