From 1e078ae57df9b1ea616786d0b673e7940f413808 Mon Sep 17 00:00:00 2001
From: "chengshuo.wang" <chengshuo.wang@amlogic.com>
Date: Wed, 12 Apr 2023 19:18:55 +0800
Subject: [PATCH] wifi: fix KASCAN err [1/1]

PD#SWPL-118411

Problem:
BUG: KASAN: vmalloc-out-of-bounds in dhdsdio_download_firmware

Solution:
fix KASCAN err

Verify:
t7_an400

Change-Id: I50a4895e5f727115693a4290209f3b737fb22be7
Signed-off-by: chengshuo.wang <chengshuo.wang@amlogic.com>
---
 bcmdhd.101.10.361.x/dhd_common.c | 4 ++--
 bcmdhd.101.10.361.x/dhd_config.c | 2 +-
 bcmdhd.101.10.361.x/dhd_sdio.c   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bcmdhd.101.10.361.x/dhd_common.c b/bcmdhd.101.10.361.x/dhd_common.c
index 7c83e58..2c465d3 100755
--- a/bcmdhd.101.10.361.x/dhd_common.c
+++ b/bcmdhd.101.10.361.x/dhd_common.c
@@ -7848,7 +7848,7 @@ int dhd_get_download_buffer(dhd_pub_t	*dhd, char *file_path, download_type_t com
 					*length = fw->size;
 					goto err;
 				}
-				*buffer = VMALLOCZ(dhd->osh, fw->size);
+				*buffer = VMALLOCZ(dhd->osh, *length);
 				if (*buffer == NULL) {
 					DHD_ERROR(("%s: Failed to allocate memory %d bytes\n",
 						__FUNCTION__, (int)fw->size));
@@ -8360,7 +8360,7 @@ dhd_apply_default_clm(dhd_pub_t *dhd, char *clm_path)
 	len = MAX_CLM_BUF_SIZE;
 	dhd_get_download_buffer(dhd, clm_blob_path, CLM_BLOB, &memblock, &len);
 #ifdef DHD_LINUX_STD_FW_API
-	memblock_len = len;
+	memblock_len = MAX_CLM_BUF_SIZE;
 #else
 	memblock_len = MAX_CLM_BUF_SIZE;
 #endif /* DHD_LINUX_STD_FW_API */
diff --git a/bcmdhd.101.10.361.x/dhd_config.c b/bcmdhd.101.10.361.x/dhd_config.c
index 457e29b..a91aecc 100755
--- a/bcmdhd.101.10.361.x/dhd_config.c
+++ b/bcmdhd.101.10.361.x/dhd_config.c
@@ -4674,7 +4674,7 @@ dhd_conf_read_config(dhd_pub_t *dhd, char *conf_path)
 	}
 
 #ifdef DHD_LINUX_STD_FW_API
-	memblock_len = len;
+	memblock_len = MAXSZ_CONFIG;
 #else
 	memblock_len = MAXSZ_CONFIG;
 #endif /* DHD_LINUX_STD_FW_API */
diff --git a/bcmdhd.101.10.361.x/dhd_sdio.c b/bcmdhd.101.10.361.x/dhd_sdio.c
index b59c9de..bda7b2c 100755
--- a/bcmdhd.101.10.361.x/dhd_sdio.c
+++ b/bcmdhd.101.10.361.x/dhd_sdio.c
@@ -10685,7 +10685,7 @@ dhdsdio_download_nvram(struct dhd_bus *bus)
 		goto err;
 
 #ifdef DHD_LINUX_STD_FW_API
-	memblock_len = len;
+	memblock_len = MAX_NVRAMBUF_SIZE;
 #else
 	memblock_len = MAX_NVRAMBUF_SIZE;
 #endif /* DHD_LINUX_STD_FW_API */
-- 
2.20.1