msm: mdss: check buffer size before writing to user buffer
Check the number of bytes to copy against the size of the
user buffer before copy to user to avoid buffer overflow.
Change-Id: Icdd3d4e755deca19fa431e903620bd9e4c701c89
Signed-off-by: Harsh Sahu <hsahu@codeaurora.org>
diff --git a/drivers/video/msm/mdss/mdss_debug_xlog.c b/drivers/video/msm/mdss/mdss_debug_xlog.c
index 795ff55..0cb26c2 100644
--- a/drivers/video/msm/mdss/mdss_debug_xlog.c
+++ b/drivers/video/msm/mdss/mdss_debug_xlog.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2016, 2018, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -678,6 +678,11 @@
if (__mdss_xlog_dump_calc_range()) {
len = mdss_xlog_dump_entry(xlog_buf, MDSS_XLOG_BUF_MAX);
+ if (len < 0 || len > count) {
+ pr_err("len is more than the size of user buffer\n");
+ return 0;
+ }
+
if (copy_to_user(buff, xlog_buf, len))
return -EFAULT;
*ppos += len;
