Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / a3963373f6864b2d37d8b274c34de40792d71559
commita3963373f6864b2d37d8b274c34de40792d71559[log] [tgz]
authorVignesh Viswanathan <viswanat@codeaurora.org>Thu Sep 28 15:05:38 2017 +0530
committerNandini Suresh <snandini@codeaurora.org>Thu Oct 12 14:02:42 2017 -0700
treea6fe9bc79b5e31ecb605757235732b47c342af3c
parent1a99fe0842794fb9b92a50b40a054401ab26f803 [diff]
qcacld-3.0: Avoid integer overflow in wma_ndp_end_indication_event_handler

In function wma_ndp_end_indication_event_handler, num_ndp_end_indication_list
from the fw is used to calculate buf_size which is in turn used to malloc.
This could lead to potential integer overflow if num_ndp_end_indication_list
is a very high value.

Add check to validate num_ndp_end_indication_list does not exceed the max
message size from firmware.

Change-Id: Icbb763bfc14ec0ef8424cab50afa5c6826fd3c60
CRs-Fixed: 2114255
1 file changed
tree: a6fe9bc79b5e31ecb605757235732b47c342af3c
  1. components/
  2. core/
  3. uapi/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile
  8. README.txt