Commit ff15aaf4 authored Sep 23, 2015 by Sathish Ambley

msm: ADSPRPC: Validate buffer size



Ensure that the size of buffer being allocated is not
negative to avoid allocating a smaller buffer and hence
causing buffer overflow conditions.

Change-Id: I150c379471564731771e2bd33d804fd26c793e25
Acked-by: Bharath Kumar <bkumar@qti.qualcomm.com>
Signed-off-by: Sathish Ambley <sathishambley@codeaurora.org>

parent 9fffca4f

drivers/char/adsprpc.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -397,6 +397,11 @@ static int fastrpc_buf_alloc(struct fastrpc_file *fl, ssize_t size,
		int err = 0;
		struct fastrpc_buf buf = 0, fr = 0;
		struct hlist_node *n;

		VERIFY(err, size > 0);
		if (err)
		goto bail;

		/* find the smallest buffer that fits in the cache */
		spin_lock(&fl->hlock);
		hlist_for_each_entry_safe(buf, n, &fl->bufs, hn) {