cd4ea5b043b509df72e46f6799070fd0de7a1118

__flush_debug_queue() currently uses core->response_packet or core->packet for flushing debug queue. So these were allocated only 4096 bytes, but in read_queue(), boundaries were checked against VIDC_IFACEQ_VAR_HUGE_PKT_SIZE macro which is of size 1024 * 12 bytes. So if FW log packet size is in between 4 KB to 12 KB then read_queue() allows memcpy() into core->response_packet or core->packet that will lead to redzone corruption issue with adjacent alive/valid allocations, i.e. further lead to kernel panic at kfree() sequence (during object validation). Uploaded change to use same sizes during allocation and read_queue() validation.

Change-Id: If82766c1479d7589605386f3e314ff2ccd97f6d0
Signed-off-by: Govindaraj Rajagopal <quic_grajagop@quicinc.com>
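A simplified user-space model of the size mismatch described in the commit message, added here as an example and not the driver's code: the first function shows when a check against the 12 KB bound passes for a 4096-byte buffer, and the second validates against the destination's real capacity as well. Apart from VIDC_IFACEQ_VAR_HUGE_PKT_SIZE and the two sizes, every name and the size-prefixed packet layout are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sizes taken from the commit message; every other name is hypothetical. */
#define VIDC_IFACEQ_VAR_HUGE_PKT_SIZE (1024u * 12u)
#define LEGACY_PKT_ALLOC 4096u

struct pkt_buf { uint8_t *data; size_t cap; };   /* capacity travels with the pointer */

/* Pre-fix pattern: the size check passes although the copy would overrun. */
int legacy_check_allows_overflow(size_t pkt_size, size_t alloc_size)
{
    return pkt_size <= VIDC_IFACEQ_VAR_HUGE_PKT_SIZE && pkt_size > alloc_size;
}

/* Hardened read: bound by the protocol maximum AND the real capacity.
 * Assumed layout: the first 32-bit word of a packet is its size in bytes. */
int demo_read_queue(const uint8_t *queue, size_t queue_len, struct pkt_buf *dst)
{
    uint32_t pkt_size;

    if (!queue || !dst || !dst->data || queue_len < sizeof(pkt_size))
        return -1;
    memcpy(&pkt_size, queue, sizeof(pkt_size));
    if (pkt_size < sizeof(pkt_size) || pkt_size > queue_len)
        return -2;                                /* malformed or truncated */
    if (pkt_size > VIDC_IFACEQ_VAR_HUGE_PKT_SIZE || pkt_size > dst->cap)
        return -3;                                /* copy would overrun dst */
    memcpy(dst->data, queue, pkt_size);
    return (int)pkt_size;
}

/* Constructed sample: a packet of pkt_size bytes read into a cap-byte buffer. */
int demo_run(uint32_t pkt_size, size_t cap)
{
    static uint8_t queue[VIDC_IFACEQ_VAR_HUGE_PKT_SIZE * 2];
    static uint8_t store[VIDC_IFACEQ_VAR_HUGE_PKT_SIZE];
    struct pkt_buf dst = { store, cap };

    if (cap > sizeof(store))
        return -1;
    memset(queue, 0xAB, sizeof(queue));
    memcpy(queue, &pkt_size, sizeof(pkt_size));
    return demo_read_queue(queue, sizeof(queue), &dst);
}
```

Passing the capacity alongside the pointer keeps the allocation size and the validation bound from drifting apart when one of them is changed later.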
Description
No description provided
Languages
C
98.7%
C++
0.9%
Makefile
0.3%
Starlark
0.1%