Commit 21587a9b authored by Shahar S Matityahu's avatar Shahar S Matityahu Committed by Luca Coelho

iwlwifi: dbg: buffer overflow in non_collect_ts_start array

The size of the buffer is IWL_FW_TRIGGER_ID_NUM - 1 which is equal to
IWL_FW_TRIGGER_ID_HOST_CHANNEL_SWITCH_COMPLETE so if the driver receives
this trigger, it will cause a buffer overflow.

Solve this by increasing the buffer size by 1.
Signed-off-by: default avatarShahar S Matityahu <shahar.s.matityahu@intel.com>
Fixes: fe1b7d6c ("iwlwifi: add support for triggering ini triggers")
Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
parent a197e6d1
...@@ -138,7 +138,7 @@ struct iwl_fw_runtime { ...@@ -138,7 +138,7 @@ struct iwl_fw_runtime {
u8 conf; u8 conf;
/* ts of the beginning of a non-collect fw dbg data period */ /* ts of the beginning of a non-collect fw dbg data period */
unsigned long non_collect_ts_start[IWL_FW_TRIGGER_ID_NUM - 1]; unsigned long non_collect_ts_start[IWL_FW_TRIGGER_ID_NUM];
u32 *d3_debug_data; u32 *d3_debug_data;
struct iwl_fw_ini_region_cfg *active_regs[IWL_FW_INI_MAX_REGION_ID]; struct iwl_fw_ini_region_cfg *active_regs[IWL_FW_INI_MAX_REGION_ID];
struct iwl_fw_ini_active_triggers active_trigs[IWL_FW_TRIGGER_ID_NUM]; struct iwl_fw_ini_active_triggers active_trigs[IWL_FW_TRIGGER_ID_NUM];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment