wcnss: Fix buffer overflow in wcnss_prealloc_get (3bf9053d) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/net/wireless/cnss_prealloc/cnss_prealloc.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@
		#include <linux/stacktrace.h>
		#include <linux/spinlock.h>
		#include <linux/debugfs.h>
		#include <net/cnss_prealloc.h>
		#ifdef CONFIG_WCNSS_SKB_PRE_ALLOC
		#include <linux/skbuff.h>
		#endif
		@@ -33,7 +34,7 @@ static struct dentry *debug_base;

		struct wcnss_prealloc {
		int occupied;
		unsigned int size;
		size_t size;
		void *ptr;
		#ifdef CONFIG_SLUB_DEBUG
		unsigned long stack_trace[WCNSS_MAX_STACK_TRACE];
		@@ -153,7 +154,7 @@ static inline
		void wcnss_prealloc_save_stack_trace(struct wcnss_prealloc *entry) {}
		#endif

		void *wcnss_prealloc_get(unsigned int size)
		void *wcnss_prealloc_get(size_t size)
		{
		int i = 0;
		unsigned long flags;
		@@ -210,7 +211,7 @@ void wcnss_prealloc_check_memory_leak(void)
		j++;
		}

		pr_err("Size: %u, addr: %pK, backtrace:\n",
		pr_err("Size: %zu, addr: %pK, backtrace:\n",
		wcnss_allocs[i].size, wcnss_allocs[i].ptr);
		print_stack_trace(&wcnss_allocs[i].trace, 1);
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -127,7 +127,7 @@ int wcnss_get_wlan_mac_address(char mac_addr[WLAN_MAC_ADDR_SIZE]);
		void wcnss_allow_suspend(void);
		void wcnss_prevent_suspend(void);
		int wcnss_hardware_type(void);
		void *wcnss_prealloc_get(unsigned int size);
		void *wcnss_prealloc_get(size_t size);
		int wcnss_prealloc_put(void *ptr);
		void wcnss_reset_fiq(bool clk_chk_en);
		void wcnss_suspend_notify(void);

+1 −1

Original line number	Diff line number	Diff line
		@@ -15,7 +15,7 @@

		#define WCNSS_PRE_ALLOC_GET_THRESHOLD (4*1024)

		extern void *wcnss_prealloc_get(unsigned int size);
		extern void *wcnss_prealloc_get(size_t size);
		extern int wcnss_prealloc_put(void *ptr);
		extern int wcnss_pre_alloc_reset(void);
		void wcnss_prealloc_check_memory_leak(void);