From debcd9c86d601e44d8810c6157fdb09c55559a6e Mon Sep 17 00:00:00 2001
From: Bapiraju Alla
Date: Wed, 16 Dec 2020 12:42:46 +0530
Subject: [PATCH] qcacmn: Discard QMI events when message with invalid length
Currently QMI message length is not being validated before handling QMI event. This is resulting in illegal memory access when QMI message length is invalid. To address this, discard QMI events with invalid length.
Change-Id: Ia9f04bcb4fa3b365cbbf2be8885a8d30f78f8f10
CRs-Fixed: 2839277
---
 wmi/src/wmi_unified.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wmi/src/wmi_unified.c b/wmi/src/wmi_unified.c
index b0393d19e0..4107cdd5d8 100644
--- a/wmi/src/wmi_unified.c
+++ b/wmi/src/wmi_unified.c
@@ -2580,7 +2580,7 @@ static int __wmi_process_qmi_fw_event(void *wmi_cb_ctx, void *buf, int len)
 uint32_t evt_id;
 int wmi_msg_len;
- if (!wmi_handle || !buf)
+ if (!wmi_handle || !buf || (len < WMI_MIN_HEAD_ROOM))
 return -EINVAL;
 /**
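Review bot: The added `len < WMI_MIN_HEAD_ROOM` test sets only a lower bound, so a QMI event of exactly `WMI_MIN_HEAD_ROOM` bytes is still accepted; if `wmi_msg_len` (declared just above) is derived as `len - WMI_MIN_HEAD_ROOM`, it would then be zero. The rest of `__wmi_process_qmi_fw_event` lies outside the hunk, so this is inferred. If the body goes on to read a WMI command header from the payload, the minimum should also cover that header's size, and an upper bound on `len` ahead of any allocation or copy would complete the validation. `len` is a signed `int`, so if `WMI_MIN_HEAD_ROOM` ever expands to an unsigned expression a negative `len` would be converted and pass the test; `len < (int)WMI_MIN_HEAD_ROOM` is the safer spelling. A rate-limited error log on the discard path would also make malformed firmware events visible during triage instead of vanishing behind a bare `-EINVAL`.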