summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormukul sharma <mukul@qti.qualcomm.com>2015-09-28 14:35:07 +0530
committerAnjaneedevi Kapparapu <akappa@codeaurora.org>2015-10-05 15:00:36 +0530
commit7cf97952794d4d33f3e036448a53d9cf55e2aecd (patch)
tree8fe2a4c1cd2f331a6fc94af256ccfbd3deaa9cd5
parentca6acd8fcade4b58d2447dfa1f16ba5169e6379a (diff)
qcacld-2.0: prevent buffer overflow at the end of HTC_TARGET
while filling the tx_bundle_stats of HTC_TARGET, host is corrupting next four bytes due to inappropriate boundary check. Change-Id: I603ed4621183c16df154309d31d3f5b6f2265d48 CRs-Fixed: 913050
-rw-r--r--CORE/SERVICES/HTC/htc_send.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/CORE/SERVICES/HTC/htc_send.c b/CORE/SERVICES/HTC/htc_send.c
index bf7fc83e41b9..37f16497f002 100644
--- a/CORE/SERVICES/HTC/htc_send.c
+++ b/CORE/SERVICES/HTC/htc_send.c
@@ -415,7 +415,7 @@ static A_STATUS HTCSendBundledNetbuf(HTC_TARGET *target,
#endif
#if defined(DEBUG_HL_LOGGING) && defined(CONFIG_HL_SUPPORT)
- if((data_len / pEndpoint->TxCreditSize) <= HTC_MAX_MSG_PER_BUNDLE_TX) {
+ if ((data_len / pEndpoint->TxCreditSize) < HTC_MAX_MSG_PER_BUNDLE_TX) {
target->tx_bundle_stats[data_len / pEndpoint->TxCreditSize]++;
}
#endif