qcacld-3.0: Fix possible OOB access in ol_rx_reorder_detect_hole Currently tid is extracted from HTT message and it is used without check. This may cause possible OOB array read. To address this add check for valid tid. Change-Id: Idb03236e05fe43326f9ab46ae8368adc9a92d92a CRs-Fixed: 2225497

commit: adbff87a099a2f736fe06e13201ae9fff3772357 [log] [tgz]
author: Sravan Kumar Kairam <sgoud@codeaurora.org> Wed May 09 16:38:26 2018 +0530
committer: nshrivas <nshrivas@codeaurora.org> Wed May 16 10:26:17 2018 -0700
tree: bb20cc8af65bcd97b8831e97ba0d472f948bdf51
parent: 24e5b21555b5efb72210cfe21423d45dcc4dcd53 [diff] [blame]
diff --git a/core/dp/txrx/ol_rx_reorder.c b/core/dp/txrx/ol_rx_reorder.c
index 284adf9..5629fd2 100644
--- a/core/dp/txrx/ol_rx_reorder.c
+++ b/core/dp/txrx/ol_rx_reorder.c

@@ -457,6 +457,11 @@
 {
 	uint32_t win_sz_mask, next_rel_idx, hole_size;
 
+	if (tid >= OL_TXRX_NUM_EXT_TIDS) {
+		ol_txrx_err("%s:  invalid tid, %u\n", __FUNCTION__, tid);
+		return;
+	}
+
 	if (peer->tids_next_rel_idx[tid] == INVALID_REORDER_INDEX)
 		return;
commit	adbff87a099a2f736fe06e13201ae9fff3772357	[log] [tgz]
author	Sravan Kumar Kairam <sgoud@codeaurora.org>	Wed May 09 16:38:26 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Wed May 16 10:26:17 2018 -0700
tree	bb20cc8af65bcd97b8831e97ba0d472f948bdf51
parent	24e5b21555b5efb72210cfe21423d45dcc4dcd53 [diff] [blame]