Loading drivers/misc/qseecom.c +4 −2 Original line number Original line Diff line number Diff line Loading @@ -6870,9 +6870,11 @@ static int __qseecom_update_qteec_req_buf(struct qseecom_qteec_modfd_req *req, for (i = 0; i < MAX_ION_FD; i++) { for (i = 0; i < MAX_ION_FD; i++) { if (req->ifd_data[i].fd > 0) { if (req->ifd_data[i].fd > 0) { ion_fd = req->ifd_data[i].fd; ion_fd = req->ifd_data[i].fd; if ((req->req_len < sizeof(uint32_t)) || if ((req->req_len < sizeof(struct qseecom_param_memref)) || (req->ifd_data[i].cmd_buf_offset > (req->ifd_data[i].cmd_buf_offset > req->req_len - sizeof(uint32_t))) { req->req_len - sizeof(struct qseecom_param_memref))) { pr_err("Invalid offset/req len 0x%x/0x%x\n", pr_err("Invalid offset/req len 0x%x/0x%x\n", req->req_len, req->req_len, req->ifd_data[i].cmd_buf_offset); req->ifd_data[i].cmd_buf_offset); Loading Loading
drivers/misc/qseecom.c +4 −2 Original line number Original line Diff line number Diff line Loading @@ -6870,9 +6870,11 @@ static int __qseecom_update_qteec_req_buf(struct qseecom_qteec_modfd_req *req, for (i = 0; i < MAX_ION_FD; i++) { for (i = 0; i < MAX_ION_FD; i++) { if (req->ifd_data[i].fd > 0) { if (req->ifd_data[i].fd > 0) { ion_fd = req->ifd_data[i].fd; ion_fd = req->ifd_data[i].fd; if ((req->req_len < sizeof(uint32_t)) || if ((req->req_len < sizeof(struct qseecom_param_memref)) || (req->ifd_data[i].cmd_buf_offset > (req->ifd_data[i].cmd_buf_offset > req->req_len - sizeof(uint32_t))) { req->req_len - sizeof(struct qseecom_param_memref))) { pr_err("Invalid offset/req len 0x%x/0x%x\n", pr_err("Invalid offset/req len 0x%x/0x%x\n", req->req_len, req->req_len, req->ifd_data[i].cmd_buf_offset); req->ifd_data[i].cmd_buf_offset); Loading
