qcacld-3.0: Integer overflow in wma_unified_link_peer_stats_event_handler

In wma_unified_link_peer_stats_event_handler a check for excess WMI
buffer is done by comparing difference between WMI_SVC_MSG_MAX_SIZE and
buffer length with size of wmi_peer_stats_event_fixed_param. In case the
buffer length is a value larger than WMI_SVC_MSG_MAX_SIZE, and as buffer
length is an unsigned integer, it causes an integer overflow and results
in a very large value, thus invalidating the check.

Change the check to compare difference of WMI_SVC_MSG_MAX_SIZE and size
of wmi_peer_stats_event_fixed_param with the buffer length which
prevents chance of integer overflow.

Change-Id: Ic99d0cf6b34c7c45dde3c4feb50e102807564eff
CRs-Fixed: 2224451

0 files changed, 0 insertions, 0 deletions