Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 19e1fa81 authored by Jia Ding's avatar Jia Ding Committed by Gerrit - the friendly Code Review server
Browse files

cnss2: Fix potential null dereference and buffer overrun 



plat_priv is dereferenced before NULL check.
Thus fix it by first doing the NULL check and then dereference.

In bypass_bdf path, temp is set to DUMMY_BDF_FILE_NAME and
remaining is set to MAX_FIRMWARE_NAME_LEN. Since
MAX_FIRMWARE_NAME_LEN is larger than length of temp buffer,
memcpy will lead to a out-of-bounds access. Thus fix it
by properly setting remaining.

Change-Id: I650bb743f3d603dec43ae1e291226af67477357f
Signed-off-by: default avatarJia Ding <jiad@codeaurora.org>
parent a89210c1
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment