wlan: Fix out of bound access in csrScanSmeScanResponse
Out of bound access is reported by kernel address
sanitizer (KASan) tool.
=================================================================
BUG: KASAN: slab-out-of-bounds in csrScanSmeScanResponse+0x148/0x35c
[wlan] at addr ffffffc01745b208
Read of size 4 by task VosMCThread/32563
=================================================================
BUG kmalloc-128 (Tainted: P B W O ): kasan: bad access detected
----------------------------------------------------------------------
[<ffffffc00008c80c>] dump_backtrace+0x0/0x284
[<ffffffc00008caa0>] show_stack+0x10/0x1c
[<ffffffc001e992fc>] dump_stack+0x74/0xfc
[<ffffffc0002f3094>] print_trailer+0x150/0x164
[<ffffffc0002f345c>] object_err+0x38/0x4c
[<ffffffc0002f8994>] kasan_report+0x34c/0x504
[<ffffffc0002f8ba0>] __asan_report_load4_noabort+0x14/0x20
[<ffffffbffc2adea8>] csrScanSmeScanResponse+0x144/0x35c [wlan]
[<ffffffbffc2ae1b0>] csrScanningStateMsgProcessor+0xf0/0x6e4 [wlan]
[<ffffffbffc2b6e10>] csrMsgProcessor+0x1f8/0x2c8 [wlan]
[<ffffffbffc252ff0>] sme_ProcessMsg+0x1024/0x115c [wlan]
[<ffffffbffc3a29d0>] VosMCThread+0x798/0x950 [wlan]
[<ffffffc0000f1f24>] kthread+0x22c/0x240
=================================================================
Improper type-casting of a buffer leads to out of bound access
of a buffer which may result in kernel panic.
To mitigate this issue typecast a buffer as per the caller function.
CRs-Fixed: 972671
Change-Id: I7861ead27dff6b8dd45fbeafae8cf4c6f1ca4523
1 file changed