diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c index 006f89bb9124bb8abc0f63d9e875aaca3166f996..1c7e3fdb5923dd7337314a9dde1cc91147ddd10a 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c @@ -5264,6 +5264,14 @@ static int wma_unified_power_debug_stats_event_handler(void *handle, return -EINVAL; } + if (param_buf->num_debug_register > ((WMA_SVC_MSG_MAX_SIZE - + sizeof(wmi_pdev_chip_power_stats_event_fixed_param)) / + sizeof(uint32_t))) { + WMA_LOGE("excess payload: LEN num_debug_register:%u", + param_buf->num_debug_register); + return -EINVAL; + } + debug_registers = param_tlvs->debug_registers; stats_registers_len = (sizeof(uint32_t) * param_buf->num_debug_register);