qcacld-2.0: Fix potential buffer overflow in ol_txrx_update_tx_queue_groups
Check for the validity of group_id when received the htt message of
HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND from firmware to ensure the buffer
overflow does not happen.
Change-Id: I17ac9f37a1450f32fb080c3b22f6317b6238068c
CRs-Fixed: 2174506
diff --git a/CORE/CLD_TXRX/TXRX/ol_txrx.c b/CORE/CLD_TXRX/TXRX/ol_txrx.c
index b137cdf..adf8dad 100644
--- a/CORE/CLD_TXRX/TXRX/ol_txrx.c
+++ b/CORE/CLD_TXRX/TXRX/ol_txrx.c
@@ -288,6 +288,15 @@
u_int32_t group_vdev_bit_mask, vdev_bit_mask, group_vdev_id_mask;
u_int32_t membership;
struct ol_txrx_vdev_t *vdev;
+
+ if (group_id >= OL_TX_MAX_TXQ_GROUPS) {
+ TXRX_PRINT(TXRX_PRINT_LEVEL_WARN,
+ "%s: invalid group_id=%u, ignore update.\n",
+ __func__,
+ group_id);
+ return;
+ }
+
group = &pdev->txq_grps[group_id];
membership = OL_TXQ_GROUP_MEMBERSHIP_GET(vdev_id_mask,ac_mask);