projects / platform / hal / backend / vim3 / power-vim3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 87962b8)
hal-backend-power: Fix possible vulnerabilities 39/280239/1 accepted/tizen_7.0_unified accepted/tizen_7.0_unified_hotfix accepted/tizen_8.0_unified accepted/tizen_unified tizen tizen_7.0 tizen_7.0_hotfix tizen_8.0 accepted/tizen/7.0/unified/20221110.063725 accepted/tizen/7.0/unified/hotfix/20221116.110429 accepted/tizen/8.0/unified/20231005.094519 accepted/tizen/unified/20220829.062610 submit/tizen/20220829.014729 tizen_7.0_m2_release tizen_8.0_m2_release
authorDongwoo Lee <dwoo08.lee@samsung.com>
Thu, 25 Aug 2022 11:07:29 +0000 (20:07 +0900)
committerDongwoo Lee <dwoo08.lee@samsung.com>
Thu, 25 Aug 2022 11:27:01 +0000 (20:27 +0900)
Change-Id: I770dc6986b618236372ce72f823a65ff64bf2f5c
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
src/hal-backend-power.c patch | blob | history

diff --git a/src/hal-backend-power.c b/src/hal-backend-power.c
index 2a9bd7f..8de87a6 100644 (file)
--- a/src/hal-backend-power.c
+++ b/src/hal-backend-power.c
@@ -20,7 +20,6 @@
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 
 #include <hal/hal-power-interface.h>
 
@@ -366,14 +365,17 @@ static struct pass_resource_tmu_ops tmu_ops = {
 static int bus_dvfs_get_curr_freq(char *res_name)
 {
        char buf[BUFF_MAX + 1];
-       char unit[BUFF_MAX + 1];
        int ret, freq;
 
        ret = sysfs_read_str("/sys/class/aml_ddr/freq", buf, BUFF_MAX);
        if (ret < 0)
                return ret;
 
-       sscanf(buf, "%d %s", &freq, unit);
+       if (sscanf(buf, "%d %*s", &freq) != 1)
+               return -EINVAL;
+
+       if (freq < 0 || freq > INT_MAX/1000)
+               return -EINVAL;
 
        return (freq * 1000);
 }
@@ -386,13 +388,17 @@ static int gpu_freq_table[] = {
        800000,
 };
 
+#define ARRAY_LENGTH(array) (sizeof((array))/sizeof((array)[0]))
+
 static int gpu_dvfs_get_min_freq(char *res_name)
 {
        int freq, ret;
 
        ret = sysfs_read_int("/sys/class/mpgpu/min_freq", &freq);
-       if (ret < 0)
-               return ret;
+
+       if (freq < 0 || freq >= ARRAY_LENGTH(gpu_freq_table))
+               return -EINVAL;
+
        return (ret < 0) ? ret : (gpu_freq_table[freq]);
 }
 
@@ -401,8 +407,9 @@ static int gpu_dvfs_get_max_freq(char *res_name)
        int freq, ret;
 
        ret = sysfs_read_int("/sys/class/mpgpu/max_freq", &freq);
-       if (ret < 0)
-               return ret;
+       if (freq < 0 || freq >= ARRAY_LENGTH(gpu_freq_table))
+               return -EINVAL;
+
        return (ret < 0) ? ret : gpu_freq_table[freq];
 }
 
@@ -411,8 +418,7 @@ static int gpu_dvfs_get_curr_freq(char *res_name)
        int freq, ret;
 
        ret = sysfs_read_int("/sys/class/mpgpu/cur_freq", &freq);
-       if (ret < 0)
-               return ret;
+
        return (ret < 0) ? ret : (freq * 1000);
 }
 
Domain: System / Kernel;