diff options
| author | Vignesh Viswanathan <viswanat@codeaurora.org> | 2017-09-28 15:26:56 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-10-06 15:36:27 -0700 |
| commit | 96b2f0e755aadc1df1c701c3ffe2ff6bc152fa96 (patch) | |
| tree | c5850f8fbba9b6028bbf5cc13fda6f8f1705d62e /uapi | |
| parent | 8295b5009af279e4c84bcb3d5ea9adff5d71b241 (diff) | |
qcacld-3.0: Fix potential buffer overwrite in wma_unified_link_iface_stats_event_handler
In function wma_unified_link_iface_stats_event_handler, num_ac is received
from the firmware and is used in the loop to populate values into results.
However the memory for results is allocated only for WIFI_AC_MAX and a
buffer overflow will occur of num_ac is greater than WIFI_AC_MAX.
Add checks to make sure num_ac is not greater than WIFI_AC_MAX and
num_offload_stats is not greater than WMI_OFFLOAD_STATS_TYPE_MAX.
Change-Id: Ife8b1d19aa853f85f4fad82d5791e49a8c892ca4
CRs-Fixed: 2114756
Diffstat (limited to 'uapi')
0 files changed, 0 insertions, 0 deletions
