Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / prima / 274ab2a3498f760ef1d4a4225edb30b78d51afd2
commit274ab2a3498f760ef1d4a4225edb30b78d51afd2[log] [tgz]
authorAbhinav Kumar <abhikuma@codeaurora.org>Fri Nov 09 11:38:06 2018 +0530
committerAbhinav Kumar <abhikuma@codeaurora.org>Fri Nov 09 11:40:41 2018 +0530
tree07f827715a6ad1ef662277fa514ef295258ccd72
parentb0f95f5102234255277510aec0d8e63405e43047 [diff]
prima: Fix possible OOB read in ProcDnldRsp

In ProcDnldRsp, pHdr->sBufSize is coming from fw message
which could not be trusted. Before its use ProcDnldRsp
should verify it against its max allowed size (UINT_MAX).

Fix is to add a sanity check for pHdr->sBufSize against
UINT_MAX before its use.

Change-Id: I6ec970483af860d5e42d6adac640274743f44f1a
CRs-Fixed: 2347297
1 file changed
tree: 07f827715a6ad1ef662277fa514ef295258ccd72
  1. CORE/
  2. firmware_bin/
  3. riva/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile