qcacld-3.0: Fix possible OOB access in ol_rx_reorder_detect_hole

Currently tid is extracted from HTT message and it is used without
check. This may cause possible OOB array read. To address this add
check for valid tid.

Change-Id: Idb03236e05fe43326f9ab46ae8368adc9a92d92a
CRs-Fixed: 2225497
diff --git a/core/dp/txrx/ol_rx_reorder.c b/core/dp/txrx/ol_rx_reorder.c
index 284adf9..5629fd2 100644
--- a/core/dp/txrx/ol_rx_reorder.c
+++ b/core/dp/txrx/ol_rx_reorder.c
@@ -457,6 +457,11 @@
{
uint32_t win_sz_mask, next_rel_idx, hole_size;
+ if (tid >= OL_TXRX_NUM_EXT_TIDS) {
+ ol_txrx_err("%s: invalid tid, %u\n", __FUNCTION__, tid);
+ return;
+ }
+
if (peer->tids_next_rel_idx[tid] == INVALID_REORDER_INDEX)
return;
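Review bot: the added bounds check compares tid against OL_TXRX_NUM_EXT_TIDS, but nothing in the hunk shows that peer->tids_next_rel_idx is dimensioned by that constant. Please confirm the array is declared with OL_TXRX_NUM_EXT_TIDS entries and say so in a short comment above the check, so the guard and the array size cannot drift apart silently. In the ol_txrx_err() call, __FUNCTION__ is a compiler extension; __func__ is the standard C99 spelling. Because tid comes from an HTT message, a misbehaving sender can hit this branch on every message, so a rate-limited log call would be safer here if the driver provides one.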