DigiGoon/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "msm: adsprpc: Do length check to avoid arbitrary memory access"

Browse source
This commit is contained in:
qctecmdr 2021-02-28 22:04:15 -08:00 committed by Gerrit - the friendly Code Review server
commit d56d87abb0
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/char/adsprpc.c
View file

@ -2397,7 +2397,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx)
}
offset = buf_page_start(buf) - vma->vm_start;
up_read(&current->mm->mmap_sem);
VERIFY(err, offset < (uintptr_t)map->size);
VERIFY(err, offset + len <= (uintptr_t)map->size);
if (err) {
ADSPRPC_ERR(
"buffer address is invalid for the fd passed for %d address 0x%llx and size %zu\n",