diff options
| author | Vignesh Viswanathan <viswanat@codeaurora.org> | 2017-09-28 15:02:57 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-10-06 15:36:08 -0700 |
| commit | 8295b5009af279e4c84bcb3d5ea9adff5d71b241 (patch) | |
| tree | 1b9e1e46f7c899cb24e9eb9ab3208aba4e137a6d /uapi/linux/debug_linux.h | |
| parent | 7ea96b821271328619c7ef63d36c32cc8167346c (diff) | |
qcacld-3.0: Avoid integer overflow in wma_ndp_end_indication_event_handler
In function wma_ndp_end_indication_event_handler, num_ndp_end_indication_list
from the fw is used to calculate buf_size which is in turn used to malloc.
This could lead to potential integer overflow if num_ndp_end_indication_list
is a very high value.
Add check to validate num_ndp_end_indication_list does not exceed the max
message size from firmware.
Change-Id: Icbb763bfc14ec0ef8424cab50afa5c6826fd3c60
CRs-Fixed: 2114255
Diffstat (limited to 'uapi/linux/debug_linux.h')
0 files changed, 0 insertions, 0 deletions
