From bc3949a563eb8575d9ad5eeffa68fea68ac944a2 Mon Sep 17 00:00:00 2001 From: Dongwoo Lee Date: Thu, 25 Aug 2022 20:07:29 +0900 Subject: [PATCH] hal-backend-power: Fix possible vulnerabilities Change-Id: I770dc6986b618236372ce72f823a65ff64bf2f5c Signed-off-by: Dongwoo Lee --- src/hal-backend-power.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/hal-backend-power.c b/src/hal-backend-power.c index 2a9bd7f..8de87a6 100644 --- a/src/hal-backend-power.c +++ b/src/hal-backend-power.c @@ -20,7 +20,6 @@ #include #include #include -#include #include @@ -366,14 +365,17 @@ static struct pass_resource_tmu_ops tmu_ops = { static int bus_dvfs_get_curr_freq(char *res_name) { char buf[BUFF_MAX + 1]; - char unit[BUFF_MAX + 1]; int ret, freq; ret = sysfs_read_str("/sys/class/aml_ddr/freq", buf, BUFF_MAX); if (ret < 0) return ret; - sscanf(buf, "%d %s", &freq, unit); + if (sscanf(buf, "%d %*s", &freq) != 1) + return -EINVAL; + + if (freq < 0 || freq > INT_MAX/1000) + return -EINVAL; return (freq * 1000); } @@ -386,13 +388,17 @@ static int gpu_freq_table[] = { 800000, }; +#define ARRAY_LENGTH(array) (sizeof((array))/sizeof((array)[0])) + static int gpu_dvfs_get_min_freq(char *res_name) { int freq, ret; ret = sysfs_read_int("/sys/class/mpgpu/min_freq", &freq); - if (ret < 0) - return ret; + + if (freq < 0 || freq >= ARRAY_LENGTH(gpu_freq_table)) + return -EINVAL; + return (ret < 0) ? ret : (gpu_freq_table[freq]); } @@ -401,8 +407,9 @@ static int gpu_dvfs_get_max_freq(char *res_name) int freq, ret; ret = sysfs_read_int("/sys/class/mpgpu/max_freq", &freq); - if (ret < 0) - return ret; + if (freq < 0 || freq >= ARRAY_LENGTH(gpu_freq_table)) + return -EINVAL; + return (ret < 0) ? ret : gpu_freq_table[freq]; } @@ -411,8 +418,7 @@ static int gpu_dvfs_get_curr_freq(char *res_name) int freq, ret; ret = sysfs_read_int("/sys/class/mpgpu/cur_freq", &freq); - if (ret < 0) - return ret; + return (ret < 0) ? ret : (freq * 1000); } -- 2.7.4