android_kernel_xiaomi_sm8350

History

Vignesh Viswanathan 53d69c9b7f qcacld-3.0: Fix integer overflow in wma_unified_link_peer_stats_event_handler Currently in wma_unified_link_peer_stats_event_handler, the check to validate if peer_stats->num_rates is less than WMA_SVC_MSG_MAX_SIZE is done only for the first member of the peer_stats array. This can lead to integer overflow as num_rates is calculated as sum of peer_stats->num_rates for each of the peer_stats in the array. Add code changes to loop and calculate total_num_rates for all the peer_stats and then validate total_num_rates with WMA_SVC_MSG_MAX_SIZE. Change-Id: Ic934934a990bd55fce70a0eaffa2812bc34b0ddd CRs-Fixed: 2113758	2017-10-05 16:59:49 -07:00
..
inc	qcacld-3.0: Implementation to change BmissFinalBcnt dynamically	2017-10-04 08:41:24 -07:00
src	qcacld-3.0: Fix integer overflow in wma_unified_link_peer_stats_event_handler	2017-10-05 16:59:49 -07:00

Vignesh Viswanathan 53d69c9b7f qcacld-3.0: Fix integer overflow in wma_unified_link_peer_stats_event_handler

Currently in wma_unified_link_peer_stats_event_handler, the check to validate
if peer_stats->num_rates is less than WMA_SVC_MSG_MAX_SIZE is done only for
the first member of the peer_stats array. This can lead to integer overflow
as num_rates is calculated as sum of peer_stats->num_rates for each of the
peer_stats in the array.

Add code changes to loop and calculate total_num_rates for all the peer_stats
and then validate total_num_rates with WMA_SVC_MSG_MAX_SIZE.

Change-Id: Ic934934a990bd55fce70a0eaffa2812bc34b0ddd
CRs-Fixed: 2113758

2017-10-05 16:59:49 -07:00

inc

qcacld-3.0: Implementation to change BmissFinalBcnt dynamically

2017-10-04 08:41:24 -07:00

src

qcacld-3.0: Fix integer overflow in wma_unified_link_peer_stats_event_handler

2017-10-05 16:59:49 -07:00