qcacld-3.0: Fix potential OOB read when dump dbs hw mode
wma_handle->num_dbs_hw_modes is not updated after the
WMI_SERVICE_READY_EXT_EVENTID event arrives and hw_mode_list is
re-allocated, which can potentially cause an OOB read of hw_mode_list.
Change-Id: I8e4aa13120bfe185fba3e0000cf289406b6bcfce
CRs-Fixed: 2336889
diff --git a/core/wma/src/wma_main.c b/core/wma/src/wma_main.c
index ff83473..4fab81a 100644
--- a/core/wma/src/wma_main.c
+++ b/core/wma/src/wma_main.c
@@ -6470,12 +6470,15 @@
wma_handle->hw_mode.hw_mode_list =
qdf_mem_malloc(sizeof(*wma_handle->hw_mode.hw_mode_list) *
num_hw_modes);
- if (!wma_handle->hw_mode.hw_mode_list)
+ if (!wma_handle->hw_mode.hw_mode_list) {
+ wma_handle->num_dbs_hw_modes = 0;
return QDF_STATUS_E_FAILURE;
+ }
WMA_LOGD("%s: Updated HW mode list: Num modes:%d",
__func__, num_hw_modes);
+ wma_handle->num_dbs_hw_modes = num_hw_modes;
for (i = 0; i < num_hw_modes; i++) {
/* Update for MAC0 */
tmp = &mac_phy_cap[j++];
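Review bot: The `num_hw_modes` value that now becomes `wma_handle->num_dbs_hw_modes` is used without any visible bound in `sizeof(*wma_handle->hw_mode.hw_mode_list) * num_hw_modes` and as the limit of the loop that reads `mac_phy_cap[j++]`. If that count comes from the firmware event and is not validated earlier in the function (which starts and ends outside this hunk), a wrapped multiplication would leave a short buffer with a large recorded count, and the loop could read past the end of `mac_phy_cap`. Confirm there is a range check before the allocation, or add one that rejects zero and anything above the number of capability entries actually received. It would also help to state the invariant next to the new assignment, e.g. `/* num_dbs_hw_modes must always equal the number of entries allocated in hw_mode_list */`. Setting the count only after the loop has filled the list would avoid exposing a count for entries that are not yet populated, if other contexts can read it concurrently.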