
In monitor mode, when the channel is set to any 2G band channel, the mac_id passed to the dp_mon_process API is 1. As part of dp_rx_buffers_replenish, refill history is logged and the mac_id is used to index into the history array. The array is of size 1, and OOB access would happen when the ring_num passed in, which is the mac_id, is 1. The fix is to pass pdev->lmac_id instead to dp_rx_refill_ring_record_entry and add a ring_num sanity check.

Change-Id: Id824ec8b01e7923ad74771d5f34a25f5fccb65f3
CRs-Fixed: 2939544
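
A small model of the out-of-bounds index and the two-part fix the commit message describes, added here as an illustration and not taken from the driver. The struct, the function names and the ring-buffer depth are hypothetical, and it assumes `lmac_id` is 0 in the monitor-mode case; only the size-1 history array comes from the message.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_REFILL_RINGS 1  /* history array has one slot, as the message states */
#define HIST_ENTRIES     4  /* assumed ring-buffer depth for this demo */

struct refill_entry { uint32_t requested; uint32_t filled; };
struct refill_hist  { uint32_t idx; struct refill_entry e[HIST_ENTRIES]; };
struct demo_pdev    { uint8_t lmac_id; };  /* hypothetical stand-in for the pdev */

static struct refill_hist g_hist[MAX_REFILL_RINGS];
static uint32_t g_rejected;  /* how many out-of-range ring numbers were seen */

/* Record one refill event. Returns 0 on success, -1 if ring_num is out of range. */
int refill_record_entry(uint8_t ring_num, uint32_t requested, uint32_t filled)
{
    if (ring_num >= MAX_REFILL_RINGS) {  /* sanity check: never index past the array */
        g_rejected++;
        return -1;
    }
    struct refill_hist *h = &g_hist[ring_num];
    struct refill_entry *slot = &h->e[h->idx % HIST_ENTRIES];
    slot->requested = requested;
    slot->filled = filled;
    h->idx++;
    return 0;
}

/* Replenish path: index the history by the pdev's lmac_id, not the caller's mac_id. */
int buffers_replenish(const struct demo_pdev *pdev, uint8_t mac_id, uint32_t n)
{
    (void)mac_id;  /* identifies the ring being refilled; not used as a history index */
    return refill_record_entry(pdev->lmac_id, n, n);
}

uint32_t refill_rejected(void) { return g_rejected; }

uint32_t refill_count(uint8_t ring_num)
{
    return ring_num < MAX_REFILL_RINGS ? g_hist[ring_num].idx : 0;
}

int main(void)
{
    struct demo_pdev pdev = { .lmac_id = 0 };
    /* mac_id 1, as in the monitor-mode 2G case: the entry lands in slot 0 */
    printf("replenish: %d\n", buffers_replenish(&pdev, 1, 32));
    /* passing mac_id 1 straight through as the index is rejected by the check */
    printf("direct:    %d\n", refill_record_entry(1, 32, 0));
    return 0;
}
```

The bounds check is the backstop: it keeps any caller that still passes an out-of-range ring number from writing past the array, independent of the call-site change.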