Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 42c08285 authored by Harsh Sahu's avatar Harsh Sahu Committed by Bernhard Thoben
Browse files

msm: mdss: check buffer size before writing to user buffer 



Check the number of bytes to copy against the size of the
user buffer before copy to user to avoid buffer overflow.

Bug: 79422277
Change-Id: Icdd3d4e755deca19fa431e903620bd9e4c701c89
Signed-off-by: default avatarHarsh Sahu <hsahu@codeaurora.org>
Signed-off-by: default avatarSiqi Lin <siqilin@google.com>
(cherry picked from commit 0f94e29a9bced8b163b7057b777579182a81fa0c)
parent 10202544

drivers/video/msm/mdss/mdss_debug_xlog.c

+6 −1
Original line number Diff line number Diff line 
/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.

/* Copyright (c) 2014-2016, 2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -546,6 +546,11 @@ static ssize_t mdss_xlog_dump_read(struct file *file, char __user *buff, 


	if (__mdss_xlog_dump_calc_range()) {

		len = mdss_xlog_dump_entry(xlog_buf, MDSS_XLOG_BUF_MAX);

		if (len < 0 || len > count) {

			pr_err("len is more than the size of user buffer\n");

			return 0;

		}



		if (copy_to_user(buff, xlog_buf, len))

			return -EFAULT;

		*ppos += len;