diff options
| author | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2023-04-20 10:17:58 +0000 |
|---|---|---|
| committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2023-04-20 10:17:58 +0000 |
| commit | 43d7af1cff8eeafdc0a1369edfbb671225b4f574 (patch) | |
| tree | b6f26ec3631697731307be70b74665fd71745dc4 | |
| parent | 2594720d48f6c7b0e0caa90c147c5b22fc18b748 (diff) | |
| parent | efb7cbd8ff60dc9d1b98d9bd33c87594408ae7bb (diff) | |
| download | cnss2-43d7af1cff8eeafdc0a1369edfbb671225b4f574.tar.gz | |
Merge changes from topic "l10-wifi-2307MPR" into android13-gs-pixel-5.10-udcandroid-u-beta-3_r0.3android-u-beta-3_r0.2android-u-beta-2.1_r0.4android-u-beta-2.1_r0.3android-u-beta-2.1_r0.2android-gs-raviole-5.10-u-beta3android-gs-raviole-5.10-u-beta2android-gs-pantah-5.10-u-beta2android-gs-bluejay-5.10-u-beta3android-gs-bluejay-5.10-u-beta2
* changes:
cnss2: Add data length validation in cnss_wlfw_qdss_data_send_sync()
cnss2: Validate maximum number of memory segments
| -rw-r--r-- | cnss2/main.h | 5 | ||||
| -rw-r--r-- | cnss2/qmi.c | 3 |
2 files changed, 4 insertions, 4 deletions
diff --git a/cnss2/main.h b/cnss2/main.h index 0125237..0d45829 100644 --- a/cnss2/main.h +++ b/cnss2/main.h @@ -51,7 +51,6 @@ #define MAX_NO_OF_MAC_ADDR 4 #define QMI_WLFW_MAX_TIMESTAMP_LEN 32 -#define QMI_WLFW_MAX_NUM_MEM_SEG 32 #define QMI_WLFW_MAX_BUILD_ID_LEN 128 #define CNSS_RDDM_TIMEOUT_MS 20000 #define RECOVERY_TIMEOUT 60000 @@ -487,7 +486,7 @@ struct cnss_plat_data { char fw_build_id[QMI_WLFW_MAX_BUILD_ID_LEN + 1]; u32 otp_version; u32 fw_mem_seg_len; - struct cnss_fw_mem fw_mem[QMI_WLFW_MAX_NUM_MEM_SEG]; + struct cnss_fw_mem fw_mem[QMI_WLFW_MAX_NUM_MEM_SEG_V01]; struct cnss_fw_mem m3_mem; struct cnss_fw_mem *cal_mem; u64 cal_time; @@ -495,7 +494,7 @@ struct cnss_plat_data { u32 cal_file_size; struct completion daemon_connected; u32 qdss_mem_seg_len; - struct cnss_fw_mem qdss_mem[QMI_WLFW_MAX_NUM_MEM_SEG]; + struct cnss_fw_mem qdss_mem[QMI_WLFW_MAX_NUM_MEM_SEG_V01]; u32 *qdss_reg; struct cnss_pin_connect_result pin_result; struct dentry *root_dentry; diff --git a/cnss2/qmi.c b/cnss2/qmi.c index 1b9f388..dba4215 100644 --- a/cnss2/qmi.c +++ b/cnss2/qmi.c @@ -1143,7 +1143,8 @@ int cnss_wlfw_qdss_data_send_sync(struct cnss_plat_data *plat_priv, char *file_n resp->total_size == total_size) && (resp->seg_id_valid == 1 && resp->seg_id == req->seg_id) && (resp->data_valid == 1 && - resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01)) { + resp->data_len <= QMI_WLFW_MAX_DATA_SIZE_V01) && + resp->data_len <= remaining) { memcpy(p_qdss_trace_data_temp, resp->data, resp->data_len); } else { |