diff options
| -rw-r--r-- | qcwcn/wifi_hal/llstats.cpp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/qcwcn/wifi_hal/llstats.cpp b/qcwcn/wifi_hal/llstats.cpp index 407a6c3..50b8149 100644 --- a/qcwcn/wifi_hal/llstats.cpp +++ b/qcwcn/wifi_hal/llstats.cpp @@ -1151,10 +1151,19 @@ int LLStatsCommand::handleResponse(WifiEvent &reply) memset(pIfaceStat, 0, resultsBufSize); if(mResultsParams.iface_stat) { - memcpy ( pIfaceStat, mResultsParams.iface_stat, - sizeof(wifi_iface_stat)); - free (mResultsParams.iface_stat); - mResultsParams.iface_stat = pIfaceStat; + if(resultsBufSize >= sizeof(wifi_iface_stat)) { + memcpy ( pIfaceStat, mResultsParams.iface_stat, + sizeof(wifi_iface_stat)); + free (mResultsParams.iface_stat); + mResultsParams.iface_stat = pIfaceStat; + } else { + ALOGE("%s: numPeers = %u, num_rates= %u, " + "either numPeers or num_rates is invalid", + __FUNCTION__,numPeers,num_rates); + status = WIFI_ERROR_UNKNOWN; + free(pIfaceStat); + goto cleanup; + } } wifi_peer_info *pPeerStats; pIfaceStat->num_peers = numPeers; |