From ad8e758d30164290a71d9c59fbf7854029556a3e Mon Sep 17 00:00:00 2001 From: Harsh Sahu Date: Fri, 21 Apr 2017 16:12:22 -0700 Subject: msm: mdss: fix memcpy source and dest memory buffer size mismatch Currently memcpy is copying from a bigger memory size to a smaller memory size. This change corrects this issue by performing the memcopy restricted to the smaller of the src or dest memory buffer. CRs-fixed: 2028228 Change-Id: Ibbe5665083799a4262d3cfbb06f94f3e35e03748 Signed-off-by: Harsh Sahu --- drivers/video/fbdev/msm/mdss_compat_utils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/msm/mdss_compat_utils.c b/drivers/video/fbdev/msm/mdss_compat_utils.c index e9ba775..ba3dec2 100644 --- a/drivers/video/fbdev/msm/mdss_compat_utils.c +++ b/drivers/video/fbdev/msm/mdss_compat_utils.c @@ -119,6 +119,9 @@ static unsigned int __do_compat_ioctl_nr(unsigned int cmd32) static void __copy_atomic_commit_struct(struct mdp_layer_commit *commit, struct mdp_layer_commit32 *commit32) { + unsigned int destSize = sizeof(commit->commit_v1.reserved); + unsigned int srcSize = sizeof(commit32->commit_v1.reserved); + unsigned int count = (destSize <= srcSize ? destSize : srcSize); commit->version = commit32->version; commit->commit_v1.flags = commit32->commit_v1.flags; commit->commit_v1.input_layer_cnt = @@ -127,7 +130,7 @@ static void __copy_atomic_commit_struct(struct mdp_layer_commit *commit, commit->commit_v1.right_roi = commit32->commit_v1.right_roi; commit->commit_v1.bl_level = commit32->commit_v1.bl_level; memcpy(&commit->commit_v1.reserved, &commit32->commit_v1.reserved, - sizeof(commit32->commit_v1.reserved)); + count); } static struct mdp_input_layer32 *__create_layer_list32( -- cgit v1.1