From 61c29936bb5e17eb3dc14661139694d77c7b033d Mon Sep 17 00:00:00 2001 From: Qianggui Song Date: Thu, 27 Jun 2019 18:46:29 +0800 Subject: [PATCH] ir: fix allocation of memory without size check issue [1/1] PD#SWPL-11248 Problem: When handling the set attribute IOCTL REMOTE_IOC_SET_KEY_NUMBER, the driver does not limit the size of allocation with kzalloc. Solution: Limit the size of alllcation range, if given a value out of range, set update flag to false and do nothing in kzalloc stage. Verify: W400 Change-Id: I6a4150f5615557c372738c918aad86120d149340 Signed-off-by: Qianggui Song --- drivers/amlogic/input/remote/remote_cdev.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/amlogic/input/remote/remote_cdev.c b/drivers/amlogic/input/remote/remote_cdev.c index ea996e3..6705b64 100644 --- a/drivers/amlogic/input/remote/remote_cdev.c +++ b/drivers/amlogic/input/remote/remote_cdev.c @@ -72,6 +72,13 @@ static long remote_ioctl(struct file *file, unsigned int cmd, retval = -EFAULT; goto err; } + + if (value < 1 || value > MAX_KEYMAP_SIZE) { + chip->key_num.update_flag = false; + retval = -EINVAL; + goto err; + } + chip->key_num.update_flag = true; chip->key_num.value = value; break; -- 2.7.4