qcacld-3.0: OOB read while processing extscan change results

In function wma_extscan_change_results_event_handler(), numResults
in dest_chglist is assigning as total_entries in the event, but the
memory allocated to dest_chglist is based on the numap variable,
which may cause out of buffer read in extscan indication callback
function wlan_hdd_cfg80211_extscan_signif_wifi_change_results_ind().

Also tSirWifiSignificantChange array parsing in both the functions
is not efficient which may lead to accessing unallocated memory.

To address out of buffer read, assign numap to numResults in
dest_chglist and to address accessing of unallocated memory,
parse tSirWifiSignificantChange array with efficient logic.

Change-Id: Ia0c287147e80e17de84fe6b1cb83c8e3c29a1fa0
CRs-Fixed: 2253396

0 files changed, 0 insertions, 0 deletions