Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5c96bedf authored by Jeya R's avatar Jeya R
Browse files

msm: ADSPRPC: Map and FD non-NULL check before dereferencing 



When fd is zero, we set context fds to NULL. This will avoid
calling map create for context. Proper check is required
to avoid dereferencing of map and fd.

Change-Id: Id8d4b93d7d999e14ac1ebd8291137f799a73cf1a
Acked-by: default avatarEkansh Gupta <ekangupt@qti.qualcomm.com>
Signed-off-by: default avatarJeya R <jeyr@codeaurora.org>
parent 9499b3ff

drivers/char/adsprpc.c

+6 −4
Original line number Diff line number Diff line
@@ -1599,10 +1599,11 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	PERF_END);

	for (i = bufs; i < bufs + handles; ++i) {

		struct fastrpc_mmap *map = ctx->maps[i];



		if (map) {

			pages[i].addr = map->phys;

			pages[i].size = map->size;

		}

	}

	fdlist = (uint64_t *)&pages[bufs + handles];

	for (i = 0; i < M_FDLIST; i++)

		fdlist[i] = 0;
@@ -1679,6 +1680,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	}

	PERF_END);

	for (i = bufs; rpra && lrpra && i < bufs + handles; i++) {

		if (ctx->fds)

			rpra[i].dma.fd = lrpra[i].dma.fd = ctx->fds[i];

		rpra[i].dma.len = lrpra[i].dma.len = (uint32_t)lpra[i].buf.len;

		rpra[i].dma.offset = lrpra[i].dma.offset =