OSDN Git Service

(root) / sagit-ice-cold / kernel_xiaomi_msm8998.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 059df41)
qcom: ssr: Fix possible overflow when copying firmware name
authorSrinivasarao P <spathi@codeaurora.org>
Mon, 6 Jun 2016 07:03:50 +0000 (12:33 +0530)
committerPuja Gupta <pujag@codeaurora.org>
Thu, 4 Aug 2016 00:02:32 +0000 (17:02 -0700)
Array overflow can occur in firmware_name_store(), if the variable
buf contains the string larger than size of subsys->desc->fw_name

CRs-Fixed: 1050153
Change-Id: Ice39d7a1eb0b5f53125cc5d528021a99b9f7ff90
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org>
drivers/soc/qcom/subsystem_restart.c patch | blob | history

diff --git a/drivers/soc/qcom/subsystem_restart.c b/drivers/soc/qcom/subsystem_restart.c
index 32041c1..0ed8a65 100644 (file)
--- a/drivers/soc/qcom/subsystem_restart.c
+++ b/drivers/soc/qcom/subsystem_restart.c
@@ -268,7 +268,8 @@ static ssize_t firmware_name_store(struct device *dev,
 
        pr_info("Changing subsys fw_name to %s\n", buf);
        mutex_lock(&track->lock);
-       strlcpy(subsys->desc->fw_name, buf, count + 1);
+       strlcpy(subsys->desc->fw_name, buf,
+                       min(count + 1, sizeof(subsys->desc->fw_name)));
        mutex_unlock(&track->lock);
        return orig_count;
 }
Mirror: https://github.com/0ranko0P/kernel_xiaomi_msm8998/
About OSDN
Find Software
Develop Software
Help