evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

icnss: Add size check before assigning msa permission

Browse source 
While assigning msa permission, number of memory region is passed
as an argument within platform private data. This number could
exceed the range of memory region buffer that preallocated. Hence
add size check before accessing region buffer.

Change-Id: I45f4efc7edaa636c861458dab74b1956767d2019
CRs-Fixed: 2101134
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
This commit is contained in:
Yuanyuan Liu 2017-09-01 10:34:25 -07:00 committed by Gerrit - the friendly Code Review server
parent 55cc722ec6
commit d49bcf2440
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/soc/qcom/icnss.c
View file

@ -563,6 +563,12 @@ static int icnss_assign_msa_perm_all(struct icnss_priv *priv,
int i;
enum icnss_msa_perm old_perm;
if (priv->nr_mem_region > QMI_WLFW_MAX_NUM_MEMORY_REGIONS_V01) {
icnss_pr_err("Invalid memory region len %d\n",
priv->nr_mem_region);
return -EINVAL;
}
for (i = 0; i < priv->nr_mem_region; i++) {
old_perm = priv->mem_region[i].perm;
ret = icnss_assign_msa_perm(&priv->mem_region[i], new_perm);