qcacld-2.0: Avoid integer overflow in lim_update_ibss_prop_add_ies
In function lim_update_ibss_prop_add_ies size of a malloc is based on sum of two integers. Add check for integer overflow before malloc. Change-Id: I53ad59f0a38b102d714fa8cfe9471b52935d8376 CRs-Fixed: 2116415
This commit is contained in:
parent
31311f3a45
commit
2edeb9e6fe
|
@ -6575,8 +6575,17 @@ limUpdateIBssPropAddIEs(tpAniSirGlobal pMac, tANI_U8 **pDstData_buff,
|
|||
vos_mem_copy(vendor_ie, pModifyIE->pIEBuffer,
|
||||
pModifyIE->ieBufferlength);
|
||||
} else {
|
||||
uint16_t new_length = pModifyIE->ieBufferlength + *pDstDataLen;
|
||||
uint8_t *new_ptr = vos_mem_malloc(new_length);
|
||||
uint8_t *new_ptr;
|
||||
uint16_t new_length;
|
||||
|
||||
if (USHRT_MAX - pModifyIE->ieBufferlength < *pDstDataLen) {
|
||||
limLog(pMac,LOGE,FL("U16 overflow due to %d + %d"),
|
||||
pModifyIE->ieBufferlength, *pDstDataLen);
|
||||
return false;
|
||||
}
|
||||
|
||||
new_length = pModifyIE->ieBufferlength + *pDstDataLen;
|
||||
new_ptr = vos_mem_malloc(new_length);
|
||||
|
||||
if (NULL == new_ptr) {
|
||||
limLog(pMac, LOGE, FL("Memory allocation failed."));
|
||||
|
|
Loading…
Reference in New Issue