9051736a2e
The excess buffer check in wma_stats_event_handler is such that if buflen is greater than WMI_SVC_MSG_MAX_SIZE, the resulting difference of the two values will be a negative integer, which will be treated as a very large positive integer since the data type is unsigned. This will result in the check failing to detect overflow when compared with sizeof(*event). Fix the buflen check condition such that buflen is compared with the difference of WMI_SVC_MSG_MAX_SIZE and sizeof(*event), eliminating the possibility of overflow. Change-Id: Ic20bfa554476db36e28557402cec23fcce5af85d CRs-Fixed: 2224443
This is CNSS WLAN Host Driver for products starting from iHelium