samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Forka 0
Codice Problemi Pull Requests Actions Pacchetti Progetti Rilasci Wiki Attività

cnss2: Fix mbox_msg size calculated

Sfoglia il codice sorgente 
Current code passes in mbox_msg max buffer
size to mailbox api rather than actual string
length. Resulting in KASAN detecting an out of
bound issue. Fix this by calculating the string
length, and passing that in.

CRs-Fixed: 3876948
Change-Id: I7d9be5466ca5bec81e181f47e278205d6d9a64ce
This commit is contained in:
Mohammed Ahmed
2024-07-03 15:51:08 -07:00
committato da Ravindra Konda
parent 92b14cc478
commit 234bc26709
1 ha cambiato i file con 9 aggiunte e 1 eliminazioni
Scarica il file Patch Scarica il file Diff Expand all files Collapse all files

10
cnss2/power.c
Vedi File

@@ -1415,13 +1415,21 @@ static int
cnss_mbox_send_msg(struct cnss_plat_data *plat_priv, char *mbox_msg)
{
struct qmp_pkt pkt;
int mbox_msg_size;
int ret = 0;
if (!plat_priv->mbox_chan)
return -ENODEV;
mbox_msg_size = strlen(mbox_msg) + 1;
if (mbox_msg_size > CNSS_MBOX_MSG_MAX_LEN) {
cnss_pr_err("message length greater than max length\n");
return -EINVAL;
}
cnss_pr_dbg("Sending AOP Mbox msg: %s\n", mbox_msg);
pkt.size = CNSS_MBOX_MSG_MAX_LEN;
pkt.size = mbox_msg_size;
pkt.data = mbox_msg;
ret = mbox_send_message(plat_priv->mbox_chan, &pkt);
if (ret < 0)