Commit c0b927d3 authored by Zhang Wei

spcom: check size before calling copy_to_user()


CVE-2016-5854

Calling copy_to_user(to, from, size) with a negative value
might cause a heap overflow since size is an unsigned parameter
and a negative value is cast to a big unsigned value.

CRs-Fixed: 1092683
Change-Id: I9b4a0710aa33942de2976f7ee158a8025dd6a20e
Signed-off-by: Amir Samuelov <amirs@codeaurora.org>
parent 99e3ecc6
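
The signed-to-unsigned conversion described in the commit message, as an added userspace illustration; it is not the spcom driver's code or the patch itself. `fake_copy_to_user`, `as_copy_len` and `checked_copy` are hypothetical names, and the upper-bound check against the destination length is an assumption about what a size check would reasonably cover.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in (hypothetical) for copy_to_user(): as in the kernel
 * helper, the length parameter is unsigned. Returns bytes NOT copied. */
static unsigned long fake_copy_to_user(void *to, const void *from,
                                       unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* What a signed size turns into once it reaches the unsigned parameter. */
unsigned long as_copy_len(int size)
{
    return (unsigned long)size;   /* -1 becomes ULONG_MAX */
}

/* Hypothetical read path: 'size' is a signed result from a lower layer,
 * where a negative value is an error code rather than a byte count. */
int checked_copy(void *to, size_t to_len, const void *from, int size)
{
    if (size < 0)
        return size;              /* propagate the error, never copy */
    if ((size_t)size > to_len)
        return -EINVAL;           /* assumed bound: destination capacity */
    if (fake_copy_to_user(to, from, (unsigned long)size))
        return -EFAULT;
    return size;                  /* number of bytes copied */
}

int main(void)
{
    char dst[8] = {0};
    const char src[8] = "ABCDEFG"; /* constructed sample data */

    printf("-1 as copy length: %lu\n", as_copy_len(-1));
    printf("size=-5 -> %d\n", checked_copy(dst, sizeof(dst), src, -5));
    printf("size=4  -> %d\n", checked_copy(dst, sizeof(dst), src, 4));
    return 0;
}
```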