Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4c7abf2a authored by Jeya R's avatar Jeya R Committed by Gerrit - the friendly Code Review server
Browse files

msm: ADSPRPC: Map and FD non-NULL check before dereferencing 



When fd is zero, we set context fds to NULL. This will avoid
calling map create for context. Proper check is required
to avoid dereferencing of map and fd.

Change-Id: Id8d4b93d7d999e14ac1ebd8291137f799a73cf1a
Acked-by: default avatarEkansh Gupta <ekangupt@qti.qualcomm.com>
Signed-off-by: default avatarJeya R <jeyr@codeaurora.org>
parent 390fd0c3

drivers/char/adsprpc.c

+6 −4
Original line number Diff line number Diff line
@@ -1635,10 +1635,11 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	PERF_END);

	for (i = bufs; i < bufs + handles; ++i) {

		struct fastrpc_mmap *map = ctx->maps[i];



		if (map) {

			pages[i].addr = map->phys;

			pages[i].size = map->size;

		}

	}

	if (!me->legacy) {

		fdlist = (uint64_t *)&pages[bufs + handles];

		for (i = 0; i < M_FDLIST; i++)
@@ -1718,6 +1719,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	}

	PERF_END);

	for (i = bufs; rpra && lrpra && i < bufs + handles; i++) {

		if (ctx->fds)

			rpra[i].dma.fd = lrpra[i].dma.fd = ctx->fds[i];

		rpra[i].dma.len = lrpra[i].dma.len = (uint32_t)lpra[i].buf.len;

		rpra[i].dma.offset = lrpra[i].dma.offset =