diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-15 01:22:14 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-15 01:22:14 +0000 |
| commit | 3de50bb8563a73c58aac74ea3b3adc81a1f05690 (patch) | |
| tree | eda97cda3e22760bf89d9b8a1c42f170f6ed679c | |
| parent | fa392f6e5d45d164e302744a318fdb6321fc0c00 (diff) | |
| parent | c311506bbaa4efc7cd0cf0e0ecba4b9920f7cebc (diff) | |
| download | wlan-3de50bb8563a73c58aac74ea3b3adc81a1f05690.tar.gz | |
Snap for 9178587 from c311506bbaa4efc7cd0cf0e0ecba4b9920f7cebc to tm-qpr2-release
Change-Id: I18c6ea1af0b81c0b4b02907eda5e8befc0cd8ac2
| -rwxr-xr-x | bcmdhd/wifi_hal/wifi_logger.cpp | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/bcmdhd/wifi_hal/wifi_logger.cpp b/bcmdhd/wifi_hal/wifi_logger.cpp index 4d2d8dd..36f4202 100755 --- a/bcmdhd/wifi_hal/wifi_logger.cpp +++ b/bcmdhd/wifi_hal/wifi_logger.cpp @@ -1035,6 +1035,12 @@ wifi_error wifi_start_logging(wifi_interface_handle iface, u32 verbose_level, } } +typedef struct { + u32 magic; + int num_entries; +} __attribute__((packed)) wifi_ring_buffer_entry_pack; + +#define WIFI_RING_BUFFER_PACK_MAGIC 0xDBAADBAA /////////////////////////////////////////////////////////////////////////////// class SetLogHandler : public WifiCommand @@ -1153,11 +1159,46 @@ public: if (mHandler.on_ring_buffer_data) { /* Skip msg header. Retrieved log */ char *pBuff; - wifi_ring_buffer_entry *buffer_entry = - (wifi_ring_buffer_entry *) buffer; - pBuff = (char *) (buffer_entry + 1); - (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff, - buffer_entry->entry_size, &status); + int num_entries; + int cur_off = 0; + wifi_ring_buffer_entry_pack *pack_hdr = + (wifi_ring_buffer_entry_pack *)buffer; + wifi_ring_buffer_entry *entry_hdr = + (wifi_ring_buffer_entry *)(buffer + sizeof(*pack_hdr)); + cur_off += sizeof(*pack_hdr); + + if (pack_hdr->magic != WIFI_RING_BUFFER_PACK_MAGIC) { + ALOGE("SetLogHandler: magic code is not matched " + "magic:%u ring_name:%s\n", pack_hdr->magic, status.name); + return NL_SKIP; + } + + num_entries = pack_hdr->num_entries; + + while (num_entries > 0) { + /* Check for accesses that exceed the total buffer size */ + if (cur_off + sizeof(*entry_hdr) + entry_hdr->entry_size > buffer_size) { + ALOGE("SetLogHandler: detected invalid access " + "num_entries:%d cur_num:%d buffer_size:%d cur_off:%d " + "hdrsize:%lu entry_size:%d ring_name:%s\n", + pack_hdr->num_entries, num_entries, buffer_size, cur_off, + sizeof(*entry_hdr), entry_hdr->entry_size, status.name); + return NL_SKIP; + } + + /* Copy buffer without hdr to the ringbuffer in LegacyHAL */ + pBuff = (char *)entry_hdr + sizeof(*entry_hdr); + (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff, + entry_hdr->entry_size, &status); + + cur_off += sizeof(*entry_hdr) + entry_hdr->entry_size; + + /* jump to next entry_hdr */ + entry_hdr = (wifi_ring_buffer_entry *)((char *)entry_hdr + sizeof(*entry_hdr) + entry_hdr->entry_size); + + num_entries--; + } + } } else { ALOGE("Unknown Event"); |