5bcb195217746baa73bd5c10cd8a8568fce0498d - imx-board-wlan-src

commit	5bcb195217746baa73bd5c10cd8a8568fce0498d	[log] [tgz]
author	Abhinav Kumar <abhikuma@codeaurora.org>	Wed Dec 06 12:30:30 2017 +0530
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Thu Feb 01 15:22:47 2018 +0530
tree	0c3940c7f5018d603e5b51049b8abba46a47c562
parent	0e07e66e16e8c31339f980a43f09c8d53851e71a [diff]

qcacld-2.0: Fix potential buffer overwrite

In function wma_unified_link_iface_stats_event_handler, num_ac
is received from the firmware and is used in the loop to populate
values into results. However, the memory for results is allocated
only for WIFI_AC_MAX and a buffer overflow will occur if num_ac
is greater than or equal to WIFI_AC_MAX.

Add checks to make sure num_ac is not greater than or equal to
WIFI_AC_MAX.

Change-Id: Ife8b1d19aa853f85f4fad82d5791e49a8c892ca4
CRs-Fixed: 2154226

CORE/SERVICES/WMA/wma.c[diff]

1 file changed

tree: 0c3940c7f5018d603e5b51049b8abba46a47c562

CORE/
firmware_bin/
wcnss/
Android.mk
Kbuild
Kconfig
Makefile