Loading drivers/char/diag/diag_dci.c +5 −5 Original line number Original line Diff line number Diff line Loading @@ -2076,9 +2076,9 @@ int diag_process_dci_transaction(unsigned char *buf, int len) uint8_t *event_mask_ptr; uint8_t *event_mask_ptr; struct diag_dci_client_tbl *dci_entry = NULL; struct diag_dci_client_tbl *dci_entry = NULL; if (!temp) { if (!temp || len < sizeof(int)) { pr_err("diag: Invalid buffer in %s\n", __func__); pr_err("diag: Invalid input in %s\n", __func__); return -ENOMEM; return -EINVAL; } } /* This is Pkt request/response transaction */ /* This is Pkt request/response transaction */ Loading Loading @@ -2134,7 +2134,7 @@ int diag_process_dci_transaction(unsigned char *buf, int len) count = 0; /* iterator for extracting log codes */ count = 0; /* iterator for extracting log codes */ while (count < num_codes) { while (count < num_codes) { if (read_len >= USER_SPACE_DATA) { if (read_len + sizeof(uint16_t) > len) { pr_err("diag: dci: Invalid length for log type in %s", pr_err("diag: dci: Invalid length for log type in %s", __func__); __func__); mutex_unlock(&driver->dci_mutex); mutex_unlock(&driver->dci_mutex); Loading Loading @@ -2248,7 +2248,7 @@ int diag_process_dci_transaction(unsigned char *buf, int len) pr_debug("diag: head of dci event mask %pK\n", event_mask_ptr); pr_debug("diag: head of dci event mask %pK\n", event_mask_ptr); count = 0; /* iterator for extracting log codes */ count = 0; /* iterator for extracting log codes */ while (count < num_codes) { while (count < num_codes) { if (read_len >= USER_SPACE_DATA) { if (read_len + sizeof(int) > len) { pr_err("diag: dci: Invalid length for event type in %s", pr_err("diag: dci: Invalid length for event type in %s", __func__); __func__); mutex_unlock(&driver->dci_mutex); mutex_unlock(&driver->dci_mutex); Loading drivers/char/diag/diag_dci.h +1 −1 Original line number Original line Diff line number Diff line Loading @@ -26,7 +26,7 @@ #define DISABLE_LOG_MASK 0 #define DISABLE_LOG_MASK 0 #define MAX_EVENT_SIZE 512 #define MAX_EVENT_SIZE 512 #define DCI_CLIENT_INDEX_INVALID -1 #define DCI_CLIENT_INDEX_INVALID -1 #define DCI_LOG_CON_MIN_LEN 14 #define DCI_LOG_CON_MIN_LEN 16 #define DCI_EVENT_CON_MIN_LEN 16 #define DCI_EVENT_CON_MIN_LEN 16 #define EXT_HDR_LEN 8 #define EXT_HDR_LEN 8 Loading Loading
drivers/char/diag/diag_dci.c +5 −5 Original line number Original line Diff line number Diff line Loading @@ -2076,9 +2076,9 @@ int diag_process_dci_transaction(unsigned char *buf, int len) uint8_t *event_mask_ptr; uint8_t *event_mask_ptr; struct diag_dci_client_tbl *dci_entry = NULL; struct diag_dci_client_tbl *dci_entry = NULL; if (!temp) { if (!temp || len < sizeof(int)) { pr_err("diag: Invalid buffer in %s\n", __func__); pr_err("diag: Invalid input in %s\n", __func__); return -ENOMEM; return -EINVAL; } } /* This is Pkt request/response transaction */ /* This is Pkt request/response transaction */ Loading Loading @@ -2134,7 +2134,7 @@ int diag_process_dci_transaction(unsigned char *buf, int len) count = 0; /* iterator for extracting log codes */ count = 0; /* iterator for extracting log codes */ while (count < num_codes) { while (count < num_codes) { if (read_len >= USER_SPACE_DATA) { if (read_len + sizeof(uint16_t) > len) { pr_err("diag: dci: Invalid length for log type in %s", pr_err("diag: dci: Invalid length for log type in %s", __func__); __func__); mutex_unlock(&driver->dci_mutex); mutex_unlock(&driver->dci_mutex); Loading Loading @@ -2248,7 +2248,7 @@ int diag_process_dci_transaction(unsigned char *buf, int len) pr_debug("diag: head of dci event mask %pK\n", event_mask_ptr); pr_debug("diag: head of dci event mask %pK\n", event_mask_ptr); count = 0; /* iterator for extracting log codes */ count = 0; /* iterator for extracting log codes */ while (count < num_codes) { while (count < num_codes) { if (read_len >= USER_SPACE_DATA) { if (read_len + sizeof(int) > len) { pr_err("diag: dci: Invalid length for event type in %s", pr_err("diag: dci: Invalid length for event type in %s", __func__); __func__); mutex_unlock(&driver->dci_mutex); mutex_unlock(&driver->dci_mutex); Loading
drivers/char/diag/diag_dci.h +1 −1 Original line number Original line Diff line number Diff line Loading @@ -26,7 +26,7 @@ #define DISABLE_LOG_MASK 0 #define DISABLE_LOG_MASK 0 #define MAX_EVENT_SIZE 512 #define MAX_EVENT_SIZE 512 #define DCI_CLIENT_INDEX_INVALID -1 #define DCI_CLIENT_INDEX_INVALID -1 #define DCI_LOG_CON_MIN_LEN 14 #define DCI_LOG_CON_MIN_LEN 16 #define DCI_EVENT_CON_MIN_LEN 16 #define DCI_EVENT_CON_MIN_LEN 16 #define EXT_HDR_LEN 8 #define EXT_HDR_LEN 8 Loading
