qcacld-3.0: Fix an OOB issue in bmi_sign_stream_start() Remaining may be greater than its original value when (remaining & 0x3)!=0, then OOB occurs when memcpy.To address this, align the remaining after doing memcpy. Change-Id: I3e39a791a76a272e82beb6561375e26ca84ec0f4 CRs-Fixed: 2259721

commit: 8944216d43b2fcb75e69f8c6ea7b2627fe71dfd0 [log] [tgz]
author: Lihua Liu <lihual@codeaurora.org> Tue Aug 14 11:14:06 2018 +0800
committer: nshrivas <nshrivas@codeaurora.org> Fri Aug 17 04:40:05 2018 -0700
tree: bf5e331c945066b8d87dc59c186508321f8591de
parent: daf40e37c68b38f342b4891e2db3aca565419b90 [diff]
diff --git a/core/bmi/src/bmi.c b/core/bmi/src/bmi.c
index 5917101..a637da3 100644
--- a/core/bmi/src/bmi.c
+++ b/core/bmi/src/bmi.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2018 The Linux Foundation. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -414,8 +414,8 @@
 		src = &buffer[length - remaining];
 		if (remaining < (BMI_DATASZ_MAX - header)) {
 			if (remaining & 0x3) {
-				remaining = remaining + (4 - (remaining & 0x3));
 				memcpy(aligned_buf, src, remaining);
+				remaining = remaining + (4 - (remaining & 0x3));
 				src = aligned_buf;
 			}
 			txlen = remaining;
commit	8944216d43b2fcb75e69f8c6ea7b2627fe71dfd0	[log] [tgz]
author	Lihua Liu <lihual@codeaurora.org>	Tue Aug 14 11:14:06 2018 +0800
committer	nshrivas <nshrivas@codeaurora.org>	Fri Aug 17 04:40:05 2018 -0700
tree	bf5e331c945066b8d87dc59c186508321f8591de
parent	daf40e37c68b38f342b4891e2db3aca565419b90 [diff]