Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6e701a80 authored by qctecmdr's avatar qctecmdr Committed by Gerrit - the friendly Code Review server
Browse files

Merge "msm: adsprpc: Do length check to avoid arbitrary memory access"

parents 7c7c239c e61ba983

drivers/char/adsprpc.c

+2 −1
Original line number Diff line number Diff line
@@ -1846,7 +1846,8 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
				}

				offset = buf_page_start(buf) - vma->vm_start;

				up_read(&current->mm->mmap_sem);

				VERIFY(err, offset < (uintptr_t)map->size);

				VERIFY(err,

					offset + len <= (uintptr_t)map->size);

				if (err)

					goto bail;

			}