Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f555e9e4 authored by Manoj Prabhu B's avatar Manoj Prabhu B Committed by Madhab Sharma
Browse files

memshare: Prevent possible integer overflow 



Prevent possible integer overflow by sanitizing the alloc request
size coming from the client against allottable amount of memory.

Change-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576
Signed-off-by: default avatarManoj Prabhu B <quic_bmanoj@quicinc.com>
Signed-off-by: default avatarMadhab Sharma <quic_madhshar@quicinc.com>
parent 301c6b0c

drivers/soc/qcom/memshare/msm_memshare.c

+6 −2
Original line number Original line Diff line number Diff line
@@ -494,8 +494,12 @@ static void handle_alloc_generic_req(struct qmi_handle *handle, 
		}

		}

	}

	}





	if (!memblock[index].allotted) {

	if (!memblock[index].allotted && alloc_req->num_bytes > 0) {

		if (memblock[index].guard_band && alloc_req->num_bytes > 0)



		if (alloc_req->num_bytes > memblock[index].init_size)

			alloc_req->num_bytes = memblock[index].init_size;



		if (memblock[index].guard_band)

			size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;

			size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;

		else

		else

			size = alloc_req->num_bytes;

			size = alloc_req->num_bytes;