78495ce9665a210b3aee685fc51dcc88f1dcf024 - platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn

commit	78495ce9665a210b3aee685fc51dcc88f1dcf024	[log] [tgz]
author	Debasis Das <ddas@codeaurora.org>	Wed Apr 04 17:17:55 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Wed Jun 20 06:33:47 2018 -0700
tree	8207eb5c0098da8697375a18d02ce71ce8bafcc1
parent	da542178c9acd9969f09af26ae408aeb93eec604 [diff]

qcacmn: Fix Integer Overflow Leading to Buffer Overflow

wmi_buf_alloc() API expects length to be passed of type
uint16_t. However, the callers pass uint32_t to it.
This might result in overflow and illegal memory access
thereafter. The fix is to modify the API signature accordingly.

Change-Id: If09da4978d421269b884f7d3c933c49c81651475
CRs-Fixed: 2218346

wmi/inc/wmi_unified_api.h[diff]
wmi/src/wmi_unified.c[diff]

2 files changed

tree: 8207eb5c0098da8697375a18d02ce71ce8bafcc1

cfg/
dp/
ftm/
global_lmac_if/
hal/
hif/
htc/
init_deinit/
os_if/
qdf/
scheduler/
spectral/
target_if/
umac/
utils/
wlan_cfg/
wmi/
README.txt
VERSION.txt