qcacld-3.0: Fix potential OOB memory access (a12ebb70) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/staging/qcacld-3.0/core/wma/src/wma_utils.c

+3 −5

Original line number	Diff line number	Diff line
		/*
		* Copyright (c) 2013-2021 The Linux Foundation. All rights reserved.
		* Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
		* Copyright (c) 2021-2025 Qualcomm Innovation Center, Inc. All rights reserved.
		*
		* Permission to use, copy, modify, and/or distribute this software for
		* any purpose with or without fee is hereby granted, provided that the
		@@ -708,7 +708,6 @@ int wma_stats_ext_event_handler(void handle, uint8_t event_buf,
		}

		stats_ext_info = param_buf->fixed_param;
		buf_ptr = (uint8_t *)stats_ext_info;

		alloc_len = sizeof(tSirStatsExtEvent);
		alloc_len += stats_ext_info->data_len;
		@@ -725,7 +724,7 @@ int wma_stats_ext_event_handler(void handle, uint8_t event_buf,
		if (!stats_ext_event)
		return -ENOMEM;

		buf_ptr += sizeof(wmi_stats_ext_event_fixed_param) + WMI_TLV_HDR_SIZE;
		buf_ptr = (uint8_t *)param_buf->data;

		stats_ext_event->vdev_id = stats_ext_info->vdev_id;
		stats_ext_event->event_data_len = stats_ext_info->data_len;
		@@ -775,7 +774,6 @@ int wma_stats_ext_event_handler(void handle, uint8_t event_buf,
		}

		stats_ext_info = param_buf->fixed_param;
		buf_ptr = (uint8_t *)stats_ext_info;

		alloc_len = sizeof(tSirStatsExtEvent);
		alloc_len += stats_ext_info->data_len;
		@@ -791,7 +789,7 @@ int wma_stats_ext_event_handler(void handle, uint8_t event_buf,
		if (!stats_ext_event)
		return -ENOMEM;

		buf_ptr += sizeof(wmi_stats_ext_event_fixed_param) + WMI_TLV_HDR_SIZE;
		buf_ptr = (uint8_t *)param_buf->data;

		stats_ext_event->vdev_id = stats_ext_info->vdev_id;
		stats_ext_event->event_data_len = stats_ext_info->data_len;