TechPanelGM/kernel_xiaomi_sm8250
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BACKPORT: memshare: Prevent possible integer overflow

Browse Source 
Prevent possible integer overflow by sanitizing the alloc request
size coming from the client against allottable amount of memory.

Change-Id: I74cb0f7b0808f20299586969fd5c810d44c3e576
Signed-off-by: Manoj Prabhu B <quic_bmanoj@quicinc.com>
Signed-off-by: Michael Bestas <mkbestas@lineageos.org>
This commit is contained in:
Manoj Prabhu B
2023-10-03 12:09:39 +05:30
committed by Michael Bestas
parent 7b3f40eb03
commit 30cc8bc23a
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/soc/qcom/memshare/msm_memshare.c
View File

@@ -481,8 +481,12 @@ static void handle_alloc_generic_req(struct qmi_handle *handle,
return;
}
if (!memblock[client_id].allotted) {
if (memblock[client_id].guard_band && alloc_req->num_bytes > 0)
if (!memblock[client_id].allotted && alloc_req->num_bytes > 0) {
if (alloc_req->num_bytes > memblock[client_id].init_size)
alloc_req->num_bytes = memblock[client_id].init_size;
if (memblock[client_id].guard_band)
size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;
else
size = alloc_req->num_bytes;