Files
android_kernel_samsung_sm86…/driver/vidc/inc
Govindaraj Rajagopal cd4ea5b043 video: driver: fix possible memory corruption issue
__flush_debug_queue() currently uses core->response_packet
or core->packet for flushing debug queue. So these were
allocated only 4096 bytes, but in read_queue(), boundaries
were checked against VIDC_IFACEQ_VAR_HUGE_PKT_SIZE macro
which is of size 1024 * 12 bytes.

So if FW log packet size is between 4 KB and 12 KB then
read_queue() allows memcpy() into core->response_packet
or core->packet that will lead to redzone corruption issue
with adjacent alive/valid allocations, i.e. further leading to
kernel panic at kfree() sequence (during object validation).

Uploaded change to use same sizes during allocation and
read_queue() validation.

Change-Id: If82766c1479d7589605386f3e314ff2ccd97f6d0
Signed-off-by: Govindaraj Rajagopal <quic_grajagop@quicinc.com>
2022-06-23 19:45:09 +05:30