Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 283584da authored by Srinivasarao P's avatar Srinivasarao P Committed by Neeraj Upadhyay
Browse files

qcom: ssr: Fix possible overflow when copying firmware name 



Array overflow can occur in firmware_name_store(), if the variable
buf contains the string larger than size of subsys->desc->fw_name

Change-Id: Ice39d7a1eb0b5f53125cc5d528021a99b9f7ff90
Signed-off-by: default avatarSrinivasarao P <spathi@codeaurora.org>
Signed-off-by: default avatarNeeraj Upadhyay <neeraju@codeaurora.org>
parent c44279d0

drivers/soc/qcom/subsystem_restart.c

+2 −1
Original line number Original line Diff line number Diff line
@@ -269,7 +269,8 @@ static ssize_t firmware_name_store(struct device *dev, 




	pr_info("Changing subsys fw_name to %s\n", buf);

	pr_info("Changing subsys fw_name to %s\n", buf);

	mutex_lock(&track->lock);

	mutex_lock(&track->lock);

	strlcpy(subsys->desc->fw_name, buf, count + 1);

	strlcpy(subsys->desc->fw_name, buf,

			min(count + 1, sizeof(subsys->desc->fw_name)));

	mutex_unlock(&track->lock);

	mutex_unlock(&track->lock);

	return orig_count;

	return orig_count;

}

}