Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ad882ad8 authored by Paul Zhang's avatar Paul Zhang Committed by Gerrit - the friendly Code Review server
Browse files

qcacld-3.0: Possible buffer overflow 

Fix array index out of bounds issue in function
cds_hang_event_notifier_call.

Change-Id: I19f17e6b53e9be83c63a7aa3c8ac7ed6d0b6e852
CRs-Fixed: 2777774
parent 0b05c4d3

core/cds/src/cds_api.c

+8 −2
Original line number Diff line number Diff line
@@ -607,11 +607,17 @@ static int cds_hang_event_notifier_call(struct notifier_block *block, 


	cmd->recovery_reason = gp_cds_context->recovery_reason;



	/* userspace expects a fixed format */

	qdf_mem_set(&cmd->driver_version, DRIVER_VER_LEN, ' ');

	qdf_mem_copy(&cmd->driver_version, QWLAN_VERSIONSTR,

		     DRIVER_VER_LEN);

		     qdf_min(sizeof(QWLAN_VERSIONSTR) - 1,

			     (size_t)DRIVER_VER_LEN));



	/* userspace expects a fixed format */

	qdf_mem_set(&cmd->hang_event_version, HANG_EVENT_VER_LEN, ' ');

	qdf_mem_copy(&cmd->hang_event_version, QDF_HANG_EVENT_VERSION,

		     HANG_EVENT_VER_LEN);

		     qdf_min(sizeof(QDF_HANG_EVENT_VERSION) - 1,

			     (size_t)HANG_EVENT_VER_LEN));



	cds_hang_data->offset += total_len;

	return NOTIFY_OK;