Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / quic / qsdk / wifi / qca-wifi-oss / 9d1359fa510cbf6f18dd04b34afa224f8538a697
commit9d1359fa510cbf6f18dd04b34afa224f8538a697[log] [tgz]
authorDebasis Das <ddas@codeaurora.org>Wed Apr 04 17:17:55 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Wed Jun 20 06:33:47 2018 -0700
tree8d892b52f4a963206acb4c4b1171be8d54e2747e
parentd9e3e9189aeb1ef390dd5b51314a598a041444e7 [diff]
qcacmn: Fix Integer Overflow Leading to Buffer Overflow

wmi_buf_alloc() API expects length to be passed of type
uint16_t. However, the callers pass uint32_t to it.
This might result in overflow and illegal memory access
thereafter. The fix is to modify the API signature accordingly.

Change-Id: If09da4978d421269b884f7d3c933c49c81651475
CRs-Fixed: 2218346
1 file changed
tree: 8d892b52f4a963206acb4c4b1171be8d54e2747e
  1. wmi_unified_apf_tlv.h
  2. wmi_unified_api.h
  3. wmi_unified_dfs_api.h
  4. wmi_unified_extscan_api.h
  5. wmi_unified_param.h
  6. wmi_unified_pmo_api.h
  7. wmi_unified_priv.h
  8. wmi_unified_reg_api.h
  9. wmi_unified_twt_api.h
  10. wmi_unified_twt_param.h
  11. wmi_version_whitelist.h