Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 1b598105 authored by Skylar Chang's avatar Skylar Chang Committed by Mohammed Javid
Browse files

msm: IPA: add the check on intf query 



The ipa_ioc_query_intf_rx_props structure comes
from the ioctl handler, and it is verified that
the size of rx buffer does not exceed the
IPA_NUM_PROPS_MAX elements. It is also verified
that the "entry->rx" buffer does not exceed
IPA_NUM_PROPS_MAX when "entry" is allocated.
However, the sizes of the buffer "rx->rx" and
the buffer "entry->rx" are not guaranteed to
be the same and will lead memory corruption
issue. The fix is to add the check before
memcpy.

Change-Id: Idf5c2d32f47c1a1cffeaa5607193855188893ddb
Acked-by: default avatarAshok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: default avatarSkylar Chang <chiaweic@codeaurora.org>
Signed-off-by: default avatarMohammed Javid <mjavid@codeaurora.org>
parent ffd90498
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment