diff options
| author | Carl Huang <[email protected]> | 2020-08-14 10:10:27 +0300 |
|---|---|---|
| committer | Kalle Valo <[email protected]> | 2020-08-17 13:18:30 +0300 |
| commit | f44dd33e6336294df23ec61f1bbe37a372f5f130 (patch) | |
| tree | b39e3a1d8a2c2004975c94653fcecd5a3c132bf4 /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 26f3a021b37ccca6c76c8c7c90ff684f8468e350 (diff) | |
ath11k: fix memory OOB access in qmi_decode
The decoded_size is wrongly assigned in ath11k_qmi_msg_handlers and it results
in out of boundary access in qmi_decode. The correct decoded_size should be
calculated from the related ind_msg structure.
This issue is exposed with QCA6390 because it needs 11 small memory chunks
which are stored in qmi_wlanfw_request_mem_ind_msg_v01 and hence the
decoded_size exceeds the wrongly assigend decoded_size.
Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
Signed-off-by: Carl Huang <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions