mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 05:35:54 +00:00
34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From 94f4b81da69ec72486476adb59d7c818bd4ffbd0 Mon Sep 17 00:00:00 2001
|
|
From: chengengjia <chengjia4574@gmail.com>
|
|
Date: Wed, 10 Aug 2016 17:34:43 +0800
|
|
Subject: [PATCH] input: synaptics: Add checks of user input data
|
|
|
|
Add checks of the user input count to avoid possible heap overflow
|
|
|
|
Bug: 30799828
|
|
Change-Id: I896492b18c4ace6565fb9edd5cbf51f363ce157b
|
|
Signed-off-by: chengengjia <chengjia4574@gmail.com>
|
|
Signed-off-by: Andrew Chant <achant@google.com>
|
|
---
|
|
drivers/input/touchscreen/synaptics_fw_update.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/drivers/input/touchscreen/synaptics_fw_update.c b/drivers/input/touchscreen/synaptics_fw_update.c
|
|
index 8e457ccaa5245..170a202590ad4 100644
|
|
--- a/drivers/input/touchscreen/synaptics_fw_update.c
|
|
+++ b/drivers/input/touchscreen/synaptics_fw_update.c
|
|
@@ -1736,6 +1736,13 @@ static ssize_t fwu_sysfs_store_image(struct file *data_file,
|
|
return -EAGAIN;
|
|
}
|
|
|
|
+ if (count > fwu->image_size - fwu->data_pos) {
|
|
+ dev_err(&fwu->rmi4_data->i2c_client->dev,
|
|
+ "%s: Not enough space in buffer\n",
|
|
+ __func__);
|
|
+ return -EINVAL;
|
|
+ }
|
|
+
|
|
memcpy((void *)(&fwu->ext_data_source[fwu->data_pos]),
|
|
(const void *)buf,
|
|
count);
|