qcacld-2.0: Fix potential double free in wma_log_supported_evt_handler

propagation from qcacld-3.0 to qcacld-2.0

In wma_log_supported_evt_handler, events_logs_list in
wma handle is freed if previously allocated. If the
num_of_diag_events_logs exceeds the max size, we exit
from the function early without allocating memory for
events_logs_list. This can result in a potential double
free scenario if we receive another DIAG_EVENT_LOG_SUPPORTED
event from firmware.

Fix is to set events_logs_list pointer to NULL after
freeing memory.

Change-Id: I9d6148dfc064d87e2947d1b5ec4492c08913dd4c
CRs-Fixed: 2482603
Paul Zhang 2019-07-04 10:47:20 +08:00 committed by L R
parent f9b7408072
commit 378c9d3f25
1 changed files with 3 additions and 1 deletions


@ -20199,8 +20199,10 @@ static int wma_log_supported_evt_handler(void *handle,
}
/* Free any previous allocation */
if (wma->events_logs_list)
if (wma->events_logs_list) {
vos_mem_free(wma->events_logs_list);
wma->events_logs_list = NULL;
}
/* Store the event list for run time enable/disable */
wma->events_logs_list = vos_mem_malloc(num_of_diag_events_logs *
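Review bot: The added `wma->events_logs_list = NULL;` carries no comment explaining why the reset is needed, and the existing "Free any previous allocation" comment reads as if the pointer is always reassigned by the `vos_mem_malloc` call just below. The commit message says the oversized `num_of_diag_events_logs` path returns without allocating, so a one-line comment at the reset noting that the pointer must not be left dangling on an early return would keep a later cleanup from removing it. It is also worth confirming that every reader of `events_logs_list` tolerates NULL after a rejected event, and that any element count stored alongside the list is cleared at the same point.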