Integrate security patch 2023-07-05-CVE-2023-24854 Change-Id: I0fd60fc08bbde3170e35f1558e165e8b8c3fc0f1 (cherry picked from commit 77e1ecd4722865a54240e8090b0758a68a44ddec)

commit: b1a8110d6394ae32a064585a37913c6646e76d88 [log] [tgz]
author: android-t2 <xiaocong.gu@t2mobile.com> Tue Jul 04 14:01:03 2023 +0800
committer: Fairphone ODM <fairphone-odm@localhost> Mon Jul 17 15:35:03 2023 +0800
tree: c9ff189c55ad7ccf89d0dfb89536c0f77bfa25ff
parent: e9eabf6fa9d97cecf7abdf7a8179b78417161f7f [diff]
diff --git a/drivers/soc/qcom/icnss2/qmi.c b/drivers/soc/qcom/icnss2/qmi.c
index fad86c7..7b78d75 100644
--- a/drivers/soc/qcom/icnss2/qmi.c
+++ b/drivers/soc/qcom/icnss2/qmi.c

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #define pr_fmt(fmt) "icnss2_qmi: " fmt
@@ -968,11 +969,11 @@
 			     __func__, resp->total_size, resp->data_len);
 
 		if ((resp->total_size_valid == 1 &&
-		    resp->total_size == total_size)
-		   && (resp->seg_id_valid == 1 && resp->seg_id == req->seg_id)
-		   && (resp->data_valid == 1 &&
-		resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01)) {
-
+		     resp->total_size == total_size)
+		    && (resp->seg_id_valid == 1 && resp->seg_id == req->seg_id)
+		    && (resp->data_valid == 1 &&
+			resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01)
+		    && resp->data_len <= remaining) {
 			memcpy(p_qdss_trace_data_temp,
 			       resp->data, resp->data_len);
 		} else {
commit	b1a8110d6394ae32a064585a37913c6646e76d88	[log] [tgz]
author	android-t2 <xiaocong.gu@t2mobile.com>	Tue Jul 04 14:01:03 2023 +0800
committer	Fairphone ODM <fairphone-odm@localhost>	Mon Jul 17 15:35:03 2023 +0800
tree	c9ff189c55ad7ccf89d0dfb89536c0f77bfa25ff
parent	e9eabf6fa9d97cecf7abdf7a8179b78417161f7f [diff]