Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8d2b166b authored by Aditya Kodukula's avatar Aditya Kodukula Committed by Ravindra Konda
Browse files

qcacld-3.0: Add a sanity check to prevent integer overflow 

Currently in the function hdd_send_roam_scan_channel_freq_list_to_sme,
the num_chan variable is declared as uint8_t and is incremented
for each nested attribute PARAM_SCAN_FREQ_LIST.

If the number of attributes sent by userspace is more than max value
of uint8_t, then an integer overflow occurs.

To avoid this issue, add a sanity check to see if num_chan has reached
SIR_MAX_SUPPORTED_CHANNEL_LIST before incrementing variable.

Change-Id: I601a73a118eb65ebb8575f6ed5ed1f29d915f59e
CRs-Fixed: 3568577
parent e09fe887
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment