qcacmn: Fix Integer Overflow Leading to Buffer Overflow wmi_buf_alloc() API expects length to be passed of type uint16_t. However, the callers pass uint32_t to it. This might result in overflow and illegal memory access thereafter. The fix is to modify the API signature accordingly. Change-Id: If09da4978d421269b884f7d3c933c49c81651475 CRs-Fixed: 2218346

commit: 9d1359fa510cbf6f18dd04b34afa224f8538a697 [log] [tgz]
author: Debasis Das <ddas@codeaurora.org> Wed Apr 04 17:17:55 2018 +0530
committer: nshrivas <nshrivas@codeaurora.org> Wed Jun 20 06:33:47 2018 -0700
tree: 8d892b52f4a963206acb4c4b1171be8d54e2747e
parent: d9e3e9189aeb1ef390dd5b51314a598a041444e7 [diff] [blame]
diff --git a/wmi_unified_api.h b/wmi_unified_api.h
index 680226a..f8cf143 100644
--- a/wmi_unified_api.h
+++ b/wmi_unified_api.h

@@ -195,10 +195,10 @@
 #ifdef NBUF_MEMORY_DEBUG
 #define wmi_buf_alloc(h, l) wmi_buf_alloc_debug(h, l, __FILE__, __LINE__)
 wmi_buf_t
-wmi_buf_alloc_debug(wmi_unified_t wmi_handle, uint16_t len,
+wmi_buf_alloc_debug(wmi_unified_t wmi_handle, uint32_t len,
 		    uint8_t *file_name, uint32_t line_num);
 #else
-wmi_buf_t wmi_buf_alloc(wmi_unified_t wmi_handle, uint16_t len);
+wmi_buf_t wmi_buf_alloc(wmi_unified_t wmi_handle, uint32_t len);
 #endif
 
 /**
commit	9d1359fa510cbf6f18dd04b34afa224f8538a697	[log] [tgz]
author	Debasis Das <ddas@codeaurora.org>	Wed Apr 04 17:17:55 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Wed Jun 20 06:33:47 2018 -0700
tree	8d892b52f4a963206acb4c4b1171be8d54e2747e
parent	d9e3e9189aeb1ef390dd5b51314a598a041444e7 [diff] [blame]