Commit fde778c1 authored by Abhilash Kumar, committed by Gerrit - the friendly Code Review server

msm: kgsl: Fix integer overflow in _load_gpmu_firmware



There is a possibility of integer overflow in the arithmetic
calculation for cmd_size. Fix this by adding checks for such
arithmetic.

Change-Id: I2298a32f8ba3411decb29f55bb7b55e2214de35a
Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
parent d4a64626
+4 −0
@@ -715,6 +715,10 @@ static int _load_gpmu_firmware(struct adreno_device *adreno_dev)
	if (ret)
		goto err;

	/* Integer overflow check for cmd_size */
	if (data[2] > (data[0] - 2))
		goto err;

	cmds = data + data[2] + 3;
	cmd_size = data[0] - data[2] - 2;
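
Review bot: the new guard `if (data[2] > (data[0] - 2))` can itself wrap. If `data` holds unsigned values (its declaration is outside this hunk) and `data[0]` is 0 or 1, `data[0] - 2` becomes a very large number, the comparison is false, and `cmd_size = data[0] - data[2] - 2` still underflows. Testing the lower bound first, for example `if (data[0] < 2 || data[2] > (data[0] - 2))`, closes that case. Separately, this `goto err` is only reached after `if (ret) goto err;` has fallen through, so `ret` is 0 at this point; if the `err` label returns `ret`, a malformed firmware header would be reported as success, so assign an error code such as `ret = -EINVAL` before jumping.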