From 9ddd05897c84e630bf15e8efbe88773c7544a2c0 Mon Sep 17 00:00:00 2001 From: raghavendra ambadas Date: Wed, 24 Jul 2019 14:23:45 +0530 Subject: [PATCH] drm/msm/dsi-staging: Add length check before copying to user space Add a check to make sure that the length of bytes copied to the destination buffer doesn't exceed the requested buffer count before calling the copy_to_user to avoid buffer overflow. Change-Id: Ice834a9e024b09f3b6041399ff55dec00e75b9ef Signed-off-by: Raghavendra Ambadas --- drivers/gpu/drm/msm/dsi-staging/dsi_ctrl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/dsi-staging/dsi_ctrl.c b/drivers/gpu/drm/msm/dsi-staging/dsi_ctrl.c index 252a6289881f..75543c768d45 100644 --- a/drivers/gpu/drm/msm/dsi-staging/dsi_ctrl.c +++ b/drivers/gpu/drm/msm/dsi-staging/dsi_ctrl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. + * Copyright (c) 2016-2019, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -123,6 +123,9 @@ static ssize_t debugfs_state_info_read(struct file *file, dsi_ctrl->clk_info.link_clks.pixel_clk_rate, dsi_ctrl->clk_info.link_clks.esc_clk_rate); + if (len > count) + len = count; + /* TODO: make sure that this does not exceed 4K */ if (copy_to_user(buff, buf, len)) { kfree(buf); @@ -162,6 +165,9 @@ static ssize_t debugfs_reg_dump_read(struct file *file, "Core clocks are not turned on, cannot read\n"); } + if (len > count) + len = count; + /* TODO: make sure that this does not exceed 4K */ if (copy_to_user(buff, buf, len)) { kfree(buf);