lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

memshare: Prevent possible integer overflow

Browse Source 
Prevent possible integer overflow by sanitizing the alloc request
size coming from the client against allottable amount of memory.

Change-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576
Signed-off-by: Manoj Prabhu B <quic_bmanoj@quicinc.com>
Signed-off-by: Madhab Sharma <quic_madhshar@quicinc.com>
This commit is contained in:
Manoj Prabhu B 2023-10-09 12:32:30 +05:30 committed by Madhab Sharma
parent 301c6b0cba
commit f555e9e4ad
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/soc/qcom/memshare/msm_memshare.c
View File

@ -494,8 +494,12 @@ static void handle_alloc_generic_req(struct qmi_handle *handle,
}
}
if (!memblock[index].allotted) {
if (memblock[index].guard_band && alloc_req->num_bytes > 0)
if (!memblock[index].allotted && alloc_req->num_bytes > 0) {
if (alloc_req->num_bytes > memblock[index].init_size)
alloc_req->num_bytes = memblock[index].init_size;
if (memblock[index].guard_band)
size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;
else
size = alloc_req->num_bytes;