qcacld-2.0: Fix potential buffer overflow in process_tx_info Check for buffer overflow for pktlog messages in process_tx_info function before doing mem copy. Change-Id: I5d34bfdecb4fd9dad1741da2256873ef3e9e708c CRs-Fixed: 2154331

commit: 59b826d85b2c778a3ef281ab4b7c6a3aaee0dc89 [log] [tgz]
author: Poddar, Siddarth <siddpodd@codeaurora.org> Wed Dec 06 12:44:30 2017 +0530
committer: Anjaneedevi Kapparapu <akappara@codeaurora.org> Thu Feb 01 15:22:39 2018 +0530
tree: e595bb9e129468b94623f772e22861d8912914b9
parent: 2202cbc522bd237de00c496f8847b24128d044e1 [diff]
diff --git a/CORE/UTILS/PKTLOG/pktlog_internal.c b/CORE/UTILS/PKTLOG/pktlog_internal.c
index b8f9ea2..ec27459 100644
--- a/CORE/UTILS/PKTLOG/pktlog_internal.c
+++ b/CORE/UTILS/PKTLOG/pktlog_internal.c

@@ -323,6 +323,10 @@
 		 */
 		txctl_log.priv.frm_hdr = frm_hdr;
 		adf_os_assert(txctl_log.priv.txdesc_ctl);
+		adf_os_assert(pl_hdr.size < sizeof(txctl_log.priv.txdesc_ctl));
+		pl_hdr.size = (pl_hdr.size > sizeof(txctl_log.priv.txdesc_ctl))
+			       ? sizeof(txctl_log.priv.txdesc_ctl) :
+			       pl_hdr.size;
 		adf_os_mem_copy((void *)&txctl_log.priv.txdesc_ctl,
 				((void *)data + sizeof(struct ath_pktlog_hdr)),
 				pl_hdr.size);
commit	59b826d85b2c778a3ef281ab4b7c6a3aaee0dc89	[log] [tgz]
author	Poddar, Siddarth <siddpodd@codeaurora.org>	Wed Dec 06 12:44:30 2017 +0530
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Thu Feb 01 15:22:39 2018 +0530
tree	e595bb9e129468b94623f772e22861d8912914b9
parent	2202cbc522bd237de00c496f8847b24128d044e1 [diff]