Startsida Utforska Hjälp
Logga in
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

qcacmn: Fix out-of-bounds write in htc_add_receive_pkt_multiple

In htc_add_receive_pkt_multiple, out-of-bounds write to a buffer.
Fix by checking the endpoint against the max endpoint.

Change-Id: Iaa82c7e8f3ae59f007380a7697959dd79dfb81ed
CRs-Fixed: 2232836
Yun Park 6 år sedan
förälder
890818bd02
incheckning
ed2a224ba2
1 ändrade filer med 4 tillägg och 1 borttagningar
Delad Vy Visa Diff Statistik
  1. 4 1
      htc/htc_recv.c

+ 4 - 1
htc/htc_recv.c
Visa fil 

@@ -518,7 +518,10 @@ A_STATUS htc_add_receive_pkt_multiple(HTC_HANDLE HTCHandle,
 
 		return A_EINVAL;
 
 	}
 
 
-	AR_DEBUG_ASSERT(pFirstPacket->Endpoint < ENDPOINT_MAX);
 
+	if (pFirstPacket->Endpoint >= ENDPOINT_MAX) {
 
+		A_ASSERT(false);
 
+		return A_EINVAL;
 
+	}
 
 
 	AR_DEBUG_PRINTF(ATH_DEBUG_RECV,
 
 			("+- htc_add_receive_pkt_multiple : endPointId: %d, cnt:%d, length: %d\n",