From 43e6938f37be0386fff4117e8aefff9be49bfe8a Mon Sep 17 00:00:00 2001 From: Mahesh Sivasubramanian Date: Wed, 17 Feb 2016 14:36:32 -0700 Subject: msm: thermal: Add range checking for cluster_id The cluster id flag is passed in from the userspace through ioctl interface. Ensure correctness of cluster id to avoid out of bounds array accesses. CRS-fixed: 977508 Change-Id: I778b962d347b90488b983a15087b13e90ad06688 Signed-off-by: Mahesh Sivasubramanian --- drivers/thermal/msm_thermal-dev.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/thermal/msm_thermal-dev.c b/drivers/thermal/msm_thermal-dev.c index e1032bc..e6af6b8 100644 --- a/drivers/thermal/msm_thermal-dev.c +++ b/drivers/thermal/msm_thermal-dev.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2013-2016, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -114,6 +114,9 @@ static long msm_thermal_process_freq_table_req(struct msm_thermal_ioctl *query, uint32_t table_idx, idx = 0, cluster_id = query->clock_freq.cluster_num; struct clock_plan_arg *clock_freq = &(query->clock_freq); + if (cluster_id >= num_possible_cpus()) + return -EINVAL; + if (!freq_table_len[cluster_id]) { ret = msm_thermal_get_freq_plan_size(cluster_id, &freq_table_len[cluster_id]); @@ -200,6 +203,9 @@ static long msm_thermal_process_voltage_table_req( uint32_t cluster_id = query->voltage.cluster_num; struct voltage_plan_arg *voltage = &(query->voltage); + if (cluster_id >= num_possible_cpus()) + return -EINVAL; + if (!voltage_table_ptr[cluster_id]) { if (!freq_table_len[cluster_id]) { ret = msm_thermal_get_freq_plan_size(cluster_id, -- cgit v1.1