Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d56d87ab authored by qctecmdr's avatar qctecmdr Committed by Gerrit - the friendly Code Review server
Browse files

Merge "msm: adsprpc: Do length check to avoid arbitrary memory access"

parents 1648c740 013c2977
Loading
Loading
Loading
Loading
+1 −1
Original line number Original line Diff line number Diff line
@@ -2397,7 +2397,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx)
				}
				}
				offset = buf_page_start(buf) - vma->vm_start;
				offset = buf_page_start(buf) - vma->vm_start;
				up_read(&current->mm->mmap_sem);
				up_read(&current->mm->mmap_sem);
				VERIFY(err, offset < (uintptr_t)map->size);
				VERIFY(err, offset + len <= (uintptr_t)map->size);
				if (err) {
				if (err) {
					ADSPRPC_ERR(
					ADSPRPC_ERR(
						"buffer address is invalid for the fd passed for %d address 0x%llx and size %zu\n",
						"buffer address is invalid for the fd passed for %d address 0x%llx and size %zu\n",