diff options
| author | mukul sharma <mukul@qti.qualcomm.com> | 2015-09-28 14:35:07 +0530 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2015-10-05 15:00:36 +0530 |
| commit | 7cf97952794d4d33f3e036448a53d9cf55e2aecd (patch) | |
| tree | 8fe2a4c1cd2f331a6fc94af256ccfbd3deaa9cd5 | |
| parent | ca6acd8fcade4b58d2447dfa1f16ba5169e6379a (diff) | |
qcacld-2.0: prevent buffer overflow at the end of HTC_TARGET
while filling the tx_bundle_stats of HTC_TARGET, host is
corrupting next four bytes due to inappropriate boundary
check.
Change-Id: I603ed4621183c16df154309d31d3f5b6f2265d48
CRs-Fixed: 913050
| -rw-r--r-- | CORE/SERVICES/HTC/htc_send.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/CORE/SERVICES/HTC/htc_send.c b/CORE/SERVICES/HTC/htc_send.c index bf7fc83e41b9..37f16497f002 100644 --- a/CORE/SERVICES/HTC/htc_send.c +++ b/CORE/SERVICES/HTC/htc_send.c @@ -415,7 +415,7 @@ static A_STATUS HTCSendBundledNetbuf(HTC_TARGET *target, #endif #if defined(DEBUG_HL_LOGGING) && defined(CONFIG_HL_SUPPORT) - if((data_len / pEndpoint->TxCreditSize) <= HTC_MAX_MSG_PER_BUNDLE_TX) { + if ((data_len / pEndpoint->TxCreditSize) < HTC_MAX_MSG_PER_BUNDLE_TX) { target->tx_bundle_stats[data_len / pEndpoint->TxCreditSize]++; } #endif |
