On Wed, Feb 15, 2017 at 02:00:41PM -0800, Bjorn Andersson wrote:
> In the transition from using rproc_da_to_va(), the type of the load
> offset became unsigned. This causes the subsequent check to let negative
> values less than p_memsz + mem_size through and we write outside of the
> buffer.
>
> Change the type back to a signed value to catch this.
>
> Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader")
> Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader")
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Reported-by: Stanimir Varbanov <stanimir.varbanov@xxxxxxxxxx>
> Signed-off-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>

Acked-by: Andy Gross <andy.gross@xxxxxxxxxx>
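
The signedness problem the quoted commit message describes, shown as an added example that is not part of the original mail and is not the driver's code. The struct, function names and all values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed segment descriptor; names are illustrative, not the driver's. */
struct seg {
    uint64_t paddr;  /* physical load address of the segment */
    uint64_t memsz;  /* bytes the segment occupies in memory */
};

/* Unsigned offset: a segment that starts below the region base wraps to a
 * huge value, and adding memsz wraps it back into range. */
int seg_fits_unsigned(const struct seg *s, uint64_t base, uint64_t region_size)
{
    uint64_t offset = s->paddr - base;

    /* No "offset < 0" test can fire on an unsigned type. */
    if (offset + s->memsz > region_size)
        return 0;
    return 1;
}

/* Signed offset: the negative case is visible and rejected first. */
int seg_fits_signed(const struct seg *s, uint64_t base, uint64_t region_size)
{
    int64_t offset = (int64_t)s->paddr - (int64_t)base;

    if (offset < 0 || (uint64_t)offset + s->memsz > region_size)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed values: the region is 0x100 bytes at 0x1000. */
    const uint64_t base = 0x1000, size = 0x100;
    const struct seg below = { 0x0ff0, 0x20 };  /* starts 0x10 before base */
    const struct seg inside = { 0x1010, 0x20 };

    printf("below:  unsigned=%d signed=%d\n",
           seg_fits_unsigned(&below, base, size),
           seg_fits_signed(&below, base, size));
    printf("inside: unsigned=%d signed=%d\n",
           seg_fits_unsigned(&inside, base, size),
           seg_fits_signed(&inside, base, size));
    return 0;
}
```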