msm: kgsl: Fix overflow in sharedmem cache range operation function

There could be possibility of integer overflow on adding size with maximum offset bytes and result in a value smaller than maximum memdesc size. CRs-Fixed: 1082914 Change-Id: Ie66b3a8ca2ca418a4a52f65987266b8d580c121f Signed-off-by: Sudeep Yedalapure <sudeepy@codeaurora.org>
2016-11-04 21:47:41 +05:30 · 2016-11-04 21:47:41 +05:30 · b63c4eb6c7
commit b63c4eb6c7
parent e1f711f8e0
1 changed files with 3 additions and 4 deletions
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@ -574,12 +574,11 @@ int kgsl_cache_range_op(struct kgsl_memdesc *memdesc, uint64_t offset,
 	void *addr = (memdesc->hostptr) ?
 		memdesc->hostptr : (void *) memdesc->useraddr;

-	/* Make sure that size is non-zero */
-	if (!size)
+	if (size == 0 || size > UINT_MAX)
 		return -EINVAL;

-	/* Make sure that the offset + size isn't bigger than we can handle */
-	if ((offset + size) > ULONG_MAX)
+	/* Make sure that the offset + size does not overflow */
+	if ((offset + size < offset) || (offset + size < size))
 		return -ERANGE;

 	/* Make sure the offset + size do not overflow the address */