Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ff9515b8 authored by raghavendra ambadas's avatar raghavendra ambadas Committed by Ritesh Kumar
Browse files

fbdev: msm: check the length of the external input buffer properly 



dchdr->dlen is a short variable controlled by the user-provided data.
If the value is negative, loop continues, also increasing the value
of "len". As a result buffer overflow occurs. So define the len as
unsigned and check with length of string input from user space.

Change-Id: I8bb9ab33d543c826eb330e16ae116385d823ca98
Signed-off-by: default avatarraghavendra ambadas <rambad@codeaurora.org>
Signed-off-by: default avatarRitesh Kumar <riteshk@codeaurora.org>
parent 12e2085e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment