Wlan: Fix out of bound access in WDI_Process_RssiBreachedInd
Out of bound access is reported by kernel address
sanitizer (KASan) tool.
==========================================================================
BUG: KASAN: stack-out-of-bounds in memcpy+0x28/0x54 at addr
ffffffc02ab87940
Read of size 12 by task VosMCThread/21192
==========================================================================
page dumped because: kasan: bad access detected
---------------------------------------------------------------------------
[<ffffffc00008c85c>] dump_backtrace+0x0/0x284
[<ffffffc00008caf0>] show_stack+0x10/0x1c
[<ffffffc001ea33c8>] dump_stack+0x74/0xfc
[<ffffffc0002fb030>] kasan_report+0x3b4/0x504
[<ffffffc0002fa290>] __asan_loadN+0x20/0x14c
[<ffffffc0002fa794>] memcpy+0x24/0x54
[<ffffffbffc385dc0>] vos_mem_copy+0x68/0x7c [wlan]
[<ffffffbffc4448f4>] wpalMemoryCopy+0x8/0x18 [wlan]
[<ffffffbffc3e7474>] WDI_Process_RssiBreachedInd+0x140/0x228 [wlan]
[<ffffffbffc3fbff4>] WDI_MainRsp+0x25c/0x31c [wlan]
[<ffffffbffc3f4abc>] WDI_PostMainEvent+0x14c/0x208 [wlan]
[<ffffffbffc4005a4>] WDI_RXMsgCTSCB+0x3e8/0x434 [wlan]
[<ffffffbffc440858>] WCTS_PALDataCallback+0x158/0x4a8 [wlan]
[<ffffffbffc392b48>] VosMCThread+0x3d4/0x950 [wlan]
[<ffffffc0000f1f30>] kthread+0x22c/0x240
==========================================================================
The data from firmware was copied from hal structure which is packed
to WDI structure which is unpacked using size of unpacked structure
and thus extra byte was copied.
To fix this assign the elements of the structure instead of memcopy.
Change-Id: Ib180d3afb3f2c58f70856502f87bac308d3d620e
CRs-Fixed: 974524
1 file changed