Array overflow can occur in firmware_name_store() if the variable
buf contains a string larger than the size of subsys->desc->fw_name.
CRs-Fixed: 1050153
Change-Id: Ice39d7a1eb0b5f53125cc5d528021a99b9f7ff90
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
pr_info("Changing subsys fw_name to %s\n", buf);
mutex_lock(&track->lock);
- strlcpy(subsys->desc->fw_name, buf, count + 1);
+ strlcpy(subsys->desc->fw_name, buf,
+ min(count + 1, sizeof(subsys->desc->fw_name)));
mutex_unlock(&track->lock);
return orig_count;
}
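Review bot: the clamped strlcpy() now silently truncates an over-long name, yet the function still returns orig_count and the pr_info() above has already logged the full, untruncated buf, so both the log and the writer see a firmware name that was not actually stored. Consider rejecting the write instead, for example returning -EINVAL when count >= sizeof(subsys->desc->fw_name) before taking track->lock, or at least logging subsys->desc->fw_name after the copy rather than buf before it. The bound also depends on fw_name being an array; if it is ever changed to a pointer, sizeof(subsys->desc->fw_name) would yield the pointer size, so a named length constant shared with the struct definition would be more robust.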