Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6018f9f8 authored by Maulik Shah's avatar Maulik Shah
Browse files

soc: qcom: rpm_master_stat: Fix buffer overflow 



Buffer overflow can happen when finding next set bit
due to type casting of uint32_t to unsigned long.

Fix this to correctly print number of active cores in
rpm_master_stat.

Change-Id: Ibeacc5ac66535e373965d8f8e4919829367cc257
Signed-off-by: default avatarMaulik Shah <mkshah@codeaurora.org>
parent f5c81bb5

drivers/soc/qcom/rpm_master_stat.c

+5 −5
Original line number Diff line number Diff line 
/* Copyright (c) 2012-2014, 2016 The Linux Foundation. All rights reserved.

/* Copyright (c) 2012-2014, 2016-2017 The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -96,6 +96,7 @@ static int msm_rpm_master_copy_stats( 
	int count, j = 0;

	char *buf;

	static DEFINE_MUTEX(msm_rpm_master_stats_mutex);

	unsigned long active_cores;



	mutex_lock(&msm_rpm_master_stats_mutex);
@@ -247,12 +248,11 @@ static int msm_rpm_master_copy_stats( 
			record.active_cores);

	}



	j = find_first_bit((unsigned long *)&record.active_cores,

							BITS_PER_LONG);

	active_cores = record.active_cores;

	j = find_first_bit(&active_cores, BITS_PER_LONG);

	while (j < BITS_PER_LONG) {

		SNPRINTF(buf, count, "\t\tcore%d\n", j);

		j = find_next_bit((unsigned long *)&record.active_cores,

				BITS_PER_LONG, j + 1);

		j = find_next_bit(&active_cores, BITS_PER_LONG, j + 1);

	}



	master_cnt++;