authorAnurag Chouhan <achouhan@codeaurora.org>2018-09-19 13:15:13 +0530
committerAnurag Chouhan <achouhan@codeaurora.org>2018-09-20 11:58:08 +0530
commit708d96ef1bc028e36cb6cfc51dad1b1384629637 (patch)
treeff76e486086f6295286598e5c25e7a8af6858aca
parent727593cbf7ebb6782b2b3b45a951cc8ccc03a788 (diff)
wcnss: Fix buffer overflow in wcnss_prealloc_get
There is a potential integer truncation in the wcnss_prealloc_get API: size_t is 8 bytes on the x64 platform, while "unsigned int" is 4 bytes. To avoid this integer truncation, pass size as size_t instead of unsigned int. CRs-Fixed: 2269610 Change-Id: I14b274dd7cad98b55fdce1aaa27783272231afde Signed-off-by: Anurag Chouhan <achouhan@codeaurora.org>
-rw-r--r--drivers/net/wireless/cnss_prealloc/cnss_prealloc.c13
-rw-r--r--include/linux/wcnss_wlan.h2
-rw-r--r--include/net/cnss_prealloc.h4
3 files changed, 10 insertions, 9 deletions
diff --git a/drivers/net/wireless/cnss_prealloc/cnss_prealloc.c b/drivers/net/wireless/cnss_prealloc/cnss_prealloc.c
index af64b3dc4da8..9eaa694570ac 100644
--- a/drivers/net/wireless/cnss_prealloc/cnss_prealloc.c
+++ b/drivers/net/wireless/cnss_prealloc/cnss_prealloc.c
@@ -17,6 +17,7 @@
#include <linux/wcnss_wlan.h>
#include <linux/spinlock.h>
#include <linux/debugfs.h>
+#include <net/cnss_prealloc.h>
#ifdef CONFIG_WCNSS_SKB_PRE_ALLOC
#include <linux/skbuff.h>
#endif
@@ -34,7 +35,7 @@ static struct dentry *debug_base;
struct wcnss_prealloc {
int occupied;
- unsigned int size;
+ size_t size;
void *ptr;
#ifdef CONFIG_SLUB_DEBUG
unsigned long stack_trace[WCNSS_MAX_STACK_TRACE];
@@ -159,7 +160,7 @@ static inline void wcnss_prealloc_save_stack_trace(struct wcnss_prealloc *entry)
}
#endif
-void *wcnss_prealloc_get(unsigned int size)
+void *wcnss_prealloc_get(size_t size)
{
int i = 0;
unsigned long flags;
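Review bot: Widening the parameter of `wcnss_prealloc_get` to `size_t` removes the narrowing at this boundary only; a caller that still keeps the length in an `unsigned int` or `int` before the call truncates it earlier and could still be handed a slot smaller than the data it goes on to write. The call sites are not part of this diff, so they should be audited for such intermediate narrowing. It would also help to document the contract above the definition, for example `/* Returns a preallocated buffer of at least @size bytes, or NULL if no free slot is large enough. */`, assuming that is what the selection loop outside this hunk implements. The function body continues beyond the hunk.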
@@ -179,8 +180,8 @@ void *wcnss_prealloc_get(unsigned int size)
}
spin_unlock_irqrestore(&alloc_lock, flags);
- pr_err("wcnss: %s: prealloc not available for size: %d\n",
- __func__, size);
+ pr_err("wcnss: %s: prealloc not available for size: %zu\n",
+ __func__, size);
return NULL;
}
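Review bot: The failure path at the end of `wcnss_prealloc_get` logs through an unthrottled `pr_err`, so if request sizes can be influenced by data arriving from the WLAN firmware or the network (not visible here), repeated misses can flood the kernel log and push out other messages. Consider `pr_err_ratelimited("wcnss: %s: prealloc not available for size: %zu\n", __func__, size);` instead. The `%zu` specifier itself is the correct match for the new `size_t` argument. The start of the function lies outside this hunk.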
@@ -219,8 +220,8 @@ void wcnss_prealloc_check_memory_leak(void)
j++;
}
- pr_err("Size: %u, addr: %pK, backtrace:\n",
- wcnss_allocs[i].size, wcnss_allocs[i].ptr);
+ pr_err("Size: %zu, addr: %pK, backtrace:\n",
+ wcnss_allocs[i].size, wcnss_allocs[i].ptr);
print_stack_trace(&wcnss_allocs[i].trace, 1);
}
diff --git a/include/linux/wcnss_wlan.h b/include/linux/wcnss_wlan.h
index 7389fff7da51..06c652cfb6af 100644
--- a/include/linux/wcnss_wlan.h
+++ b/include/linux/wcnss_wlan.h
@@ -119,7 +119,7 @@ int wcnss_get_wlan_mac_address(char mac_addr[WLAN_MAC_ADDR_SIZE]);
void wcnss_allow_suspend(void);
void wcnss_prevent_suspend(void);
int wcnss_hardware_type(void);
-void *wcnss_prealloc_get(unsigned int size);
+void *wcnss_prealloc_get(size_t size);
int wcnss_prealloc_put(void *ptr);
void wcnss_reset_fiq(bool clk_chk_en);
void wcnss_suspend_notify(void);
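Review bot: `wcnss_prealloc_get` is prototyped here and again in include/net/cnss_prealloc.h (the last hunk of this commit), so every signature change has to be applied in two places, as this commit does. The compiler cross-checks the two declarations only because cnss_prealloc.c now includes both headers; that check disappears silently if either include is later dropped. Consider keeping the declaration in one header and having the other include it, or at least add a comment such as `/* keep in sync with include/net/cnss_prealloc.h */` above this prototype.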
diff --git a/include/net/cnss_prealloc.h b/include/net/cnss_prealloc.h
index 734b4b69ecbb..39d080a8b184 100644
--- a/include/net/cnss_prealloc.h
+++ b/include/net/cnss_prealloc.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2015-2018, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -15,7 +15,7 @@
#define WCNSS_PRE_ALLOC_GET_THRESHOLD (4*1024)
-extern void *wcnss_prealloc_get(unsigned int size);
+extern void *wcnss_prealloc_get(size_t size);
extern int wcnss_prealloc_put(void *ptr);
extern int wcnss_pre_alloc_reset(void);
void wcnss_prealloc_check_memory_leak(void);