Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1148c445 authored by Harsh Sahu's avatar Harsh Sahu
Browse files

msm: sde: check buffer size before writing to user buffer 



Check the number of bytes to copy against the size of the
user buffer before copy to user to avoid buffer overflow.

Change-Id: I95083227cfefaf1a81815296145b0c370127e061
Signed-off-by: default avatarHarsh Sahu <hsahu@codeaurora.org>
parent 3afabc36

drivers/media/platform/msm/sde/rotator/sde_rotator_debug.c

+6 −1
Original line number Diff line number Diff line 
/* Copyright (c) 2015-2017, The Linux Foundation. All rights reserved.

/* Copyright (c) 2015-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -568,6 +568,11 @@ static ssize_t sde_rot_evtlog_dump_read(struct file *file, char __user *buff, 
	if (__sde_rot_evtlog_dump_calc_range()) {

		len = sde_rot_evtlog_dump_entry(evtlog_buf,

				SDE_ROT_EVTLOG_BUF_MAX);

		if (len < 0 || len > count) {

			pr_err("len is more than the user buffer size\n");

			return 0;

		}



		if (copy_to_user(buff, evtlog_buf, len))

			return -EFAULT;

		*ppos += len;