diff options
| author | Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org> | 2019-05-08 18:45:44 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-05-14 23:35:06 -0700 |
| commit | 1083615c2ba0f9f973cc778082f842775e55e19b (patch) | |
| tree | e98b489b2529210d79a958a798b82d39afea3d3c /fs/btrfs/tests/btrfs-tests.c | |
| parent | 21a2827a62cebcc49e4a606bfadce3c6110a514f (diff) | |
qcacmn: Fix possible NULL dereference in apf read
While processing WMI_BPF_GET_VDEV_WORK_MEMORY_RESP_EVENTID,
in wma_apf_read_work_memory_event_handler() apf read callback is
invoked after wmi_extract_apf_read_memory_resp_event_tlv().
During extraction of apf attributes there is no NULL check of data
tlv when data length is non-zero. If the firmware message is wrongly
crafted with non-zero length in fixed param and NULL data then NULL
pointer dereference is seen in apf read callback.
To address this, avoid copy when data is NULL and data length is
non-zero.
Change-Id: Ie054c487ead5c929e5a293651a65383d6f87dc71
CRs-Fixed: 2446019
Diffstat (limited to 'fs/btrfs/tests/btrfs-tests.c')
0 files changed, 0 insertions, 0 deletions