xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

scsi: ufs: Fix potential NULL pointer access during memcpy

Browse Source 
If param_offset is not 0, the memcpy length shouldn't be the true
descriptor length.

Link: https://lore.kernel.org/r/20200603091959.27618-4-huobean@gmail.com
Acked-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Bean Huo
2020-06-03 11:19:57 +02:00
committed by Martin K. Petersen
parent c4607a0945
commit cbe193f6f0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/scsi/ufs/ufshcd.c
View File

@@ -3223,8 +3223,8 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,
} }
/* Check wherher we will not copy more data, than available */ /* Check wherher we will not copy more data, than available */
if (is_kmalloc && param_size > buff_len) if (is_kmalloc && (param_offset + param_size) > buff_len)
param_size = buff_len; param_size = buff_len - param_offset;
if (is_kmalloc) if (is_kmalloc)
memcpy(param_read_buf, &desc_buf[param_offset], param_size); memcpy(param_read_buf, &desc_buf[param_offset], param_size);