Skip to content
Snippets Groups Projects
Select Git revision
  • 6e0f6edff18a63d2558d1769151ce221bffa6229
  • master default protected
  • android-msm-bullhead-3.10-nougat_kgdb_less_changes
  • android-msm-bullhead-3.10-nougat_kgdb
  • android-msm-bullhead-3.10-nougat_klist
  • android-4.4
  • android-msm-vega-4.4-oreo-daydream
  • android-msm-wahoo-4.4-p-preview-5
  • android-msm-wahoo-4.4-pie
  • android-msm-marlin-3.18-p-preview-5
  • android-msm-marlin-3.18-pie
  • android-msm-wahoo-2018.07-oreo-m2
  • android-msm-wahoo-2018.07-oreo-m4
  • android-msm-wahoo-4.4-p-preview-4
  • android-msm-bullhead-3.10-oreo-m6
  • android-msm-angler-3.10-oreo-m6
  • android-msm-marlin-3.18-p-preview-4
  • android-msm-stargazer-3.18-oreo-wear-dr
  • android-msm-catshark-3.18-oreo-wear-dr
  • android-msm-wahoo-4.4-oreo-m2
  • android-msm-wahoo-4.4-oreo-m4
  • android-daydreamos-8.0.0_r0.5
  • android-8.1.0_r0.92
  • android-8.1.0_r0.91
  • android-daydreamos-8.0.0_r0.4
  • android-p-preview-5_r0.2
  • android-p-preview-5_r0.1
  • android-9.0.0_r0.5
  • android-9.0.0_r0.4
  • android-9.0.0_r0.2
  • android-9.0.0_r0.1
  • android-8.1.0_r0.81
  • android-8.1.0_r0.80
  • android-8.1.0_r0.78
  • android-8.1.0_r0.76
  • android-8.1.0_r0.75
  • android-8.1.0_r0.72
  • android-8.1.0_r0.70
  • android-p-preview-4_r0.2
  • android-p-preview-4_r0.1
  • android-wear-8.0.0_r0.30
41 results

AndroidKernelMSM

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Skylar Chang authored and Nick Desaulniers committed
    The ipa_ioc_query_intf_rx_props structure comes
    from the ioctl handler, and it is verified that
    the size of rx buffer does not exceed the
    IPA_NUM_PROPS_MAX elements. It is also verified
    that the "entry->rx" buffer does not exceed
    IPA_NUM_PROPS_MAX when "entry" is allocated.
    However, the sizes of the buffer "rx->rx" and
    the buffer "entry->rx" are not guaranteed to
    be the same and will lead memory corruption
    issue. The fix is to add the check before
    memcpy.
    
    Bug: 34026243
    Bug: 35048450
    Bug: 35047780
    Bug: 35047217
    Change-Id: Idf5c2d32f47c1a1cffeaa5607193855188893ddb
    Signed-off-by: default avatarSkylar Chang <chiaweic@codeaurora.org>
    Signed-off-by: default avatarSteve Pfetsch <spfetsch@google.com>
    (am from https://source.codeaurora.org/quic/la/kernel/
    msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db)
    6e0f6edf
    History
    Name Last commit Last update