Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d17869ed authored by ptak's avatar ptak Committed by Vivekananda T
Browse files

msm: cvp: OOB write fix due to integer underflow 



If FW send a pkt->size which is less than the sizeof packet structure
then pkt->size - sizeof() would result into an integer underflow.
Due to this the subsequent check would be bypassed and we will
start write to an OOB memory.

Change-Id: Icb3e4e6d64275592ceb6f747de653dcc1c65fec7
Signed-off-by: default avatarptak <quic_ptak@quicinc.com>
(cherry picked from commit 143f5001)
parent 7798d6e3
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment