qcacmn: Possible OOB read in process_fw_diag_event_data
API "fw_diag_data_event_handler" is the handler of an event WMI_DIAG_DATA_CONTAINER_EVENTID comes from FW. Arguments of this handler function come from FW. If num_data may be less than size of(struct wlan_diag_data), possible OOB while extracting event data. Fix is to add a sanity check for num_data to avoid the OOB read. Change-Id: Ia2eb62dbaa154936bdb4ea34065657d441f12810 CRs-Fixed: 3001178
Loading
Please register or sign in to comment