android_kernel_xiaomi_sm8350/core/dp/htt
jitiphil 5202b599f8 qcacld-3.0: Incorrect message offset validations in t2h message handling
Currently in htt_t2h_msg_handler_fast, msg_len, which is in number of
bytes, is directly compared with pdev->rx_mpdu_range_offset_words,
which is in number of words. Thus their comparison becomes invalid.
In htt_t2h_msg_handler, in addition to a similar issue as above, the
checks for message offset validations do not consider integer overflows
occurring.

In htt_t2h_msg_handler_fast, the check condition involving
pdev_rx_mpdu_range_offset_words was corrected to work with bytes,
and in htt_t2h_msg_handler checks for integer overflow were also
added.

Change-Id: I9ec7d30cc24d288ddcabd3bb30674a2ca21f2251
CRs-Fixed: 2248069
2018-06-08 10:11:36 -07:00
htt_fw_stats.c qcacld-3.0: Possible Out Of Bound reads in htt_t2h_tx_ppdu_log_print() 2018-05-17 07:59:21 -07:00
htt_h2t.c qcacld-3.0: dp: Remove legacy markings 2018-04-24 14:48:38 -07:00
htt_internal.h qcacld-3.0: Featurize monitor mode 2018-06-06 23:49:05 -07:00
htt_monitor_rx.c qcacld-3.0: Featurize monitor mode 2018-06-06 23:49:05 -07:00
htt_rx.c qcacld-3.0: Fix OOB access in htt_rx_ring_fill_n 2018-06-08 08:30:40 -07:00
htt_t2h.c qcacld-3.0: Incorrect message offset validations in t2h message handling 2018-06-08 10:11:36 -07:00
htt_tx.c qcacld-3.0: dp: Fix misspellings 2018-05-16 18:01:38 -07:00
htt_types.h qcacld-3.0: dp: Remove legacy markings 2018-04-24 14:48:38 -07:00
htt.c qcacld-3.0: dp: Remove legacy markings 2018-04-24 14:48:38 -07:00
rx_desc.h qcacld-3.0: dp: Remove legacy markings 2018-04-24 14:48:38 -07:00