Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 4e3f275a80a3c07932c39ac064494f9c0d81f3c4
commit4e3f275a80a3c07932c39ac064494f9c0d81f3c4[log] [tgz]
authorBala Venkatesh <bjavvaji@codeaurora.org>Tue Jun 18 19:35:16 2019 +0530
committernshrivas <nshrivas@codeaurora.org>Thu Jun 20 18:36:10 2019 -0700
tree5fd1842199348e808190979426072f6bb9679641
parentdb24dda3717937db5f35c329831e42a95f49022e [diff]
qcacld-3.0: Avoid OOB in function tdls_ct_idle_handler

In function tdls_ct_idle_handler, idx is assigned from
tdls_info->index which can be 0 254. But tdls_conn_info
is static array in tdls_soc_priv_obj of size
WLAN_TDLS_STA_MAX_NUM (8). So check idx is less than
WLAN_TDLS_STA_MAX_NUM or not to avoid OOB memory access.

Change-Id: I8387cb0a44a79f0f83b25c12de2aa9fbc39ab2f3
CRs-Fixed: 2474432
1 file changed
tree: 5fd1842199348e808190979426072f6bb9679641
  1. components/
  2. configs/
  3. core/
  4. os_if/
  5. uapi/
  6. Android.mk
  7. Kbuild
  8. Kconfig
  9. Makefile
  10. README.txt