Searched hist:a2c714e8cb538406d61e321c627b55ed5362991e (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/drivers/input/touchscreen/ |
| H A D | cyttsp4_core.c | diff a2c714e8cb538406d61e321c627b55ed5362991e Tue Oct 31 13:33:40 CDT 2017 Vince Kim <vince.k.kim@gmail.com> Input: cyttsp4 - avoid overflows when calculating memory sizes
There are several places to perform subtraction to calculate buffer
size such as:
si->si_ofs.cydata_size = si->si_ofs.test_ofs - si->si_ofs.cydata_ofs;
...
p = krealloc(si->si_ptrs.cydata, si->si_ofs.cydata_size, GFP_KERNEL);
Actually, data types of above variables during subtraction are size_t, so
it is unsigned. That means if second operand(si->si_ofs.cydata_ofs) is
greater than the first operand(si->si_ofs.test_ofs), then resulting
si->si_ofs.cydata_size could result in an unsigned integer wrap which is
not desirable.
The proper way to correct this problem is to perform a test of both
operands to avoid having unsigned wrap.
Signed-off-by: Vince Kim <vince.k.kim@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|