authorKevin Cernekee <cernekee@google.com>2015-09-02 02:39:29 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-09-02 02:39:29 +0000
commit5e13633c3a36a0b80015b54d13b42fd337ef62ac (patch)
tree83ed5d9656d1078f62ebb7f48e48c4feb6bdc28b
parent7ae2edee9ca35f8db4198dfebe49423d2c8338b5 (diff)
parente900b04a91fd87e4d706be7ae3499d5fb9995188 (diff)
Merge "wifi_hal: Fix array overflow retrieving gscan results" into mnc-dr-dev
-rw-r--r--bcmdhd/wifi_hal/gscan.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/bcmdhd/wifi_hal/gscan.cpp b/bcmdhd/wifi_hal/gscan.cpp
index 8a21a0d..9f5669a 100644
--- a/bcmdhd/wifi_hal/gscan.cpp
+++ b/bcmdhd/wifi_hal/gscan.cpp
@@ -935,6 +935,10 @@ public:
num = it2.get_u32();
ALOGV("retrieved num_results: %d", num);
} else if (it2.get_type() == GSCAN_ATTRIBUTE_SCAN_RESULTS) {
+ if (mRetrieved >= mMax) {
+ ALOGW("Stored %d scans, ignoring excess results", mRetrieved);
+ break;
+ }
num = it2.get_len() / sizeof(wifi_scan_result);
num = min(MAX_RESULTS - mNextScanResult, num);
num = min((int)MAX_AP_CACHE_PER_SCAN, num);
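Review bot: The new `mRetrieved >= mMax` guard has no comment saying which buffer it protects, while the `num` clamps directly below it bound a different one (`mScanResults`, the memcpy destination in the next hunk). Presumably the write it prevents is the per-scan entry indexed by `mRetrieved`, which lies outside this hunk; a line such as `// mRetrieved indexes the caller's per-scan array of mMax entries; stop before writing past it` would make that explicit. Note also that `break` leaves only the innermost enclosing loop, so if this branch sits in a nested attribute loop, the outer iteration continues and the warning repeats for every further scan the driver reports. The loop structure starts outside the hunk, so confirm that this is intended.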
@@ -956,9 +960,6 @@ public:
&(mScanResults[mNextScanResult]), num * sizeof(wifi_scan_result));
mNextScanResult += num;
mRetrieved++;
- if (mRetrieved >= mMax && it.has_next()) {
- ALOGW("Ignoring attributes after this scan");
- }
} else {
ALOGW("Ignoring invalid attribute type = %d, size = %d",
it.get_type(), it.get_len());