Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 30cc8bc2 authored by Manoj Prabhu B's avatar Manoj Prabhu B Committed by Michael Bestas
Browse files

BACKPORT: memshare: Prevent possible integer overflow 



Prevent possible integer overflow by sanitizing the alloc request
size coming from the client against allottable amount of memory.

Change-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576
Signed-off-by: default avatarManoj Prabhu B <quic_bmanoj@quicinc.com>
Signed-off-by: default avatarMichael Bestas <mkbestas@lineageos.org>
parent 7b3f40eb

drivers/soc/qcom/memshare/msm_memshare.c

+6 −2
Original line number Diff line number Diff line
@@ -481,8 +481,12 @@ static void handle_alloc_generic_req(struct qmi_handle *handle, 
		return;

	}



	if (!memblock[client_id].allotted) {

		if (memblock[client_id].guard_band && alloc_req->num_bytes > 0)

	if (!memblock[client_id].allotted && alloc_req->num_bytes > 0) {



		if (alloc_req->num_bytes > memblock[client_id].init_size)

			alloc_req->num_bytes = memblock[client_id].init_size;



		if (memblock[client_id].guard_band)

			size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;

		else

			size = alloc_req->num_bytes;