diff options
| author | CNSS_WLAN Service <cnssbldsw@qualcomm.com> | 2021-01-12 15:12:48 -0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2021-01-12 15:12:48 -0800 |
| commit | 907f50448985fb19c517b2e6cd36e18e1be5802c (patch) | |
| tree | ab6480261fcc4c9535eac66a20f1ac05eb7de77a | |
| parent | 75a00b06c80ac40d2ce763c50f3eb612ecdad37b (diff) | |
| parent | a583ac40d9d685e3015e35e1cfaf8cc48eba96ae (diff) | |
Merge "llstats: Add negative length check befor memcpy" into wlan-aosp.lnx.6.0
| -rw-r--r-- | qcwcn/wifi_hal/llstats.cpp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/qcwcn/wifi_hal/llstats.cpp b/qcwcn/wifi_hal/llstats.cpp index b02da62..fc36df9 100644 --- a/qcwcn/wifi_hal/llstats.cpp +++ b/qcwcn/wifi_hal/llstats.cpp @@ -1152,10 +1152,19 @@ int LLStatsCommand::handleResponse(WifiEvent &reply) memset(pIfaceStat, 0, resultsBufSize); if(mResultsParams.iface_stat) { - memcpy ( pIfaceStat, mResultsParams.iface_stat, - sizeof(wifi_iface_stat)); - free (mResultsParams.iface_stat); - mResultsParams.iface_stat = pIfaceStat; + if(resultsBufSize > sizeof(wifi_iface_stat)) { + memcpy ( pIfaceStat, mResultsParams.iface_stat, + sizeof(wifi_iface_stat)); + free (mResultsParams.iface_stat); + mResultsParams.iface_stat = pIfaceStat; + } else { + ALOGE("%s: numPeers = %u, num_rates= %u, " + "either numPeers or num_rates is invalid", + __FUNCTION__,numPeers,num_rates); + status = WIFI_ERROR_UNKNOWN; + free(pIfaceStat); + goto cleanup; + } } wifi_peer_info *pPeerStats; pIfaceStat->num_peers = numPeers; |