Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit a116b23f authored by Lior David's avatar Lior David Committed by Hamad Kadmany
Browse files

wil6210: fix length check in __wmi_send 



The current length check:
sizeof(cmd) + len > r->entry_size
will allow very large values of len (> U16_MAX - sizeof(cmd))
and can cause a buffer overflow. Fix the check to cover this case.
In addition, ensure the mailbox entry_size is not too small,
since this can also bypass the above check.

Change-Id: Iecb4f53ef05da0e015bc954b57b0e40debb7c8b7
Signed-off-by: default avatarLior David <liord@codeaurora.org>
Signed-off-by: default avatarHamad Kadmany <hkadmany@codeaurora.org>
parent 67264747
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment