android_kernel_xiaomi_sm8350/core/wma
Rakshith Suresh Patkar 9051736a2e qcacld-3.0: Fix possible overflow in wma_stats_event_handler
The excess buffer check in wma_stats_event_handler is such that
if buflen is greater than WMI_SVC_MSG_MAX_SIZE, the resulting
difference of the two values will be a negative integer, which
will be treated as a very large positive integer since the data type
is unsigned. This will result in the check failing to detect overflow
when compared with sizeof(*event).

Fix the buflen check condition such that buflen is compared with the
difference of WMI_SVC_MSG_MAX_SIZE and sizeof(*event), eliminating
the possibility of overflow.

Change-Id: Ic20bfa554476db36e28557402cec23fcce5af85d
CRs-Fixed: 2224443
2018-06-07 02:30:36 -07:00
..
inc qcacld-3.0: Tighten the wma_tgt_cfg_cb API 2018-06-06 20:28:19 -07:00
src qcacld-3.0: Fix possible overflow in wma_stats_event_handler 2018-06-07 02:30:36 -07:00
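
The unsigned wrap-around described in the commit message above, as an added example that is not the driver's code: the constant value, the stand-in event struct and all `demo_`/`DEMO_` names are assumptions, and the "before" check is reconstructed from the message's description only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the real WMI_SVC_MSG_MAX_SIZE and the
 * size of *event come from driver headers that are not on this page. */
#define DEMO_MSG_MAX_SIZE 1536u
struct demo_event { uint32_t hdr[8]; };      /* stand-in for *event: 32 bytes */

/* The fixed form subtracts two constants; make sure that cannot wrap either. */
_Static_assert(sizeof(struct demo_event) <= DEMO_MSG_MAX_SIZE, "header fits");

/* Before: MAX - buflen is computed in unsigned arithmetic. When buflen is
 * larger than MAX the difference wraps to a huge value, sizeof(*event) is
 * never greater than it, and the excess goes undetected. */
static bool demo_excess_before_fix(uint32_t buflen)
{
    return sizeof(struct demo_event) > DEMO_MSG_MAX_SIZE - buflen;
}

/* After: the attacker-influenced length stays alone on one side and is
 * compared with a constant difference that is known not to wrap. */
static bool demo_excess_after_fix(uint32_t buflen)
{
    return buflen > DEMO_MSG_MAX_SIZE - sizeof(struct demo_event);
}

/* Smallest length the old check accepts but the new one rejects (0 if none). */
static uint32_t demo_first_missed_len(void)
{
    for (uint32_t len = 0; len <= UINT16_MAX; len++)
        if (!demo_excess_before_fix(len) && demo_excess_after_fix(len))
            return len;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths around the boundary. */
    const uint32_t samples[] = { 0, 1504, 1505, 1536, 1537, 2000, UINT32_MAX };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("buflen=%-10u before=%d after=%d\n", (unsigned)samples[i],
               demo_excess_before_fix(samples[i]),
               demo_excess_after_fix(samples[i]));
    printf("first length missed by old check: %u\n",
           (unsigned)demo_first_missed_len());
    return 0;
}
```

The two checks agree for every length up to the assumed maximum and diverge from the first value above it, which is the only range where the old subtraction wraps.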