qcacld-3.0: Fix KASAN slab-out-of-bounds in ipa3_release_wdi_mapping

To avoid out-of-bounds access of mem_map_table from htt_rx_hash_deinit,
allocate mem_map_table size the same as maximum number of hash
entries, which is RX_NUM_HASH_BUCKETS * RX_ENTRIES_SIZE.

Change-Id: If25f97b47350196ceb2e8c60e7d5430a1484a01d
CRs-Fixed: 2214158
Yun Park 7 years ago
commit e019632b14
1 changed files with 1 additions and 1 deletions
+ 1 - 1
core/dp/htt/htt_rx.c

@@ -154,7 +154,7 @@ static void htt_rx_hash_deinit(struct htt_pdev_t *pdev)
 
 	if (qdf_mem_smmu_s1_enabled(pdev->osdev) && pdev->is_ipa_uc_enabled) {
 		mem_map_table = qdf_mem_map_table_alloc(
-					pdev->rx_ring.fill_level);
+					RX_NUM_HASH_BUCKETS * RX_ENTRIES_SIZE);
 		if (!mem_map_table) {
 			qdf_print("%s: Failed to allocate memory for mem map table\n",
 				  __func__);
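
Review bot: The new size on the "+" line, RX_NUM_HASH_BUCKETS * RX_ENTRIES_SIZE, is a worst-case bound, but nothing in this hunk ties it to the code that later writes into mem_map_table. The out-of-bounds write comes back if either constant changes or if the fill loop ever counts more entries than this product. Please define the product once under a single name (a macro next to the two constants would do) and have the loop that populates mem_map_table check its running index against that same name before each write, so the allocation and the writer cannot drift apart. The commit message would also benefit from a sentence on why pdev->rx_ring.fill_level undercounted the entries present in the hash table at deinit, since that is the actual root cause and the diff alone does not show it.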