android/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

msm: ADSPRPC: Avoid Out-Of-Bounds access

Browse Source 
Currently, when adding duplicate sessions to an array that holds
session information, no check is performed to avoid going out of
bounds. Add a check to confirm that the index is not out of bounds.

Change-Id: Ib7abcc5347ba49a8c787ec32e8519a11085456d9
Signed-off-by: quic_anane <quic_anane@quicinc.com>
This commit is contained in:
quic_anane 2024-07-16 23:37:45 +05:30 committed by Anandu Krishnan E
parent cfd8b01ad3
commit 2466bcf3ce
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dsp/adsprpc.c
View File

@ -8172,6 +8172,12 @@ static int fastrpc_cb_probe(struct device *dev)
for (j = 1; j < sharedcb_count &&
chan->sesscount < NUM_SESSIONS; j++) {
chan->sesscount++;
VERIFY(err, chan->sesscount < NUM_SESSIONS);
if (err) {
ADSPRPC_WARN("failed to add shared session, maximum sessions (%d) reached \n",
NUM_SESSIONS);
break;
}
dup_sess = &chan->session[chan->sesscount];
memcpy(dup_sess, sess,
sizeof(struct fastrpc_session_ctx));