Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-09-18 15:25:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
75099b9404
DivestOS/Patches/Linux_CVEs/CVE-2017-6425/0.patch

47 lines
1.7 KiB
Diff
Raw Blame History

From ef86560a21fe1f256f6ba772a195201ff202c657 Mon Sep 17 00:00:00 2001
From: "Sravan Kumar D.V.N" <sravank1@codeaurora.org>
Date: Fri, 6 Jan 2017 13:50:04 +0530
Subject: msm: mdss: Clear compat structures before copying to user
In the compat layer, the temporary structures used to convert
data from 32bit to 64bit structures need to be set to 0 before
being assigned values.
CRs-Fixed: 1103689
Change-Id: I405500f427f3f4dc4d38a9fb188fece9a31614ca
Signed-off-by: Sravan Kumar D.V.N <sravank1@codeaurora.org>
---
drivers/video/msm/mdss/mdss_compat_utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/video/msm/mdss/mdss_compat_utils.c b/drivers/video/msm/mdss/mdss_compat_utils.c
index ce786f2..35b1b49 100644
--- a/drivers/video/msm/mdss/mdss_compat_utils.c
+++ b/drivers/video/msm/mdss/mdss_compat_utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2016, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2017, The Linux Foundation. All rights reserved.
* Copyright (C) 1994 Martin Schaller
*
* 2001 - Documented with DocBook
@@ -965,6 +965,7 @@ static int __to_user_pcc_coeff_v1_7(
struct mdp_pcc_data_v1_7_32 pcc_cfg_payload32;
struct mdp_pcc_data_v1_7 pcc_cfg_payload;
+ memset(&pcc_cfg_payload32, 0, sizeof(pcc_cfg_payload32));
if (copy_from_user(&pcc_cfg_payload,
pcc_cfg->cfg_payload,
sizeof(struct mdp_pcc_data_v1_7))) {
@@ -2160,6 +2161,7 @@ static int __to_user_pa_data_v1_7(
struct mdp_pa_data_v1_7_32 pa_cfg_payload32;
struct mdp_pa_data_v1_7 pa_cfg_payload;
+ memset(&pa_cfg_payload32, 0, sizeof(pa_cfg_payload32));
if (copy_from_user(&pa_cfg_payload,
pa_v2_cfg->cfg_payload,
sizeof(pa_cfg_payload))) {
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink