On 10/22/18 17:32, Laura Abbott wrote:
> On 10/22/2018 07:02 AM, Alexey Skidanov wrote:
>> The heap name might be uninitialized and access might crash the
>> kernel.
>>
>
> The heap name should never be null so this seems like this is being
> fixed in the wrong place. Can you explain more how you are hitting
> this issue?
Sure. Carve out heap name is uninitialized. There is the next patch
fixing it. But to be on the safe side, I have added the check.
Thanks,
Alexey
>
> Thanks,
> Laura
>
>> Signed-off-by: Alexey Skidanov <alexey.skidanov@xxxxxxxxx>
>> ---
>> drivers/staging/android/ion/ion.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/staging/android/ion/ion.c
>> b/drivers/staging/android/ion/ion.c
>> index 9907332..55bca92d 100644
>> --- a/drivers/staging/android/ion/ion.c
>> +++ b/drivers/staging/android/ion/ion.c
>> @@ -459,8 +459,11 @@ int ion_query_heaps(struct ion_heap_query *query)
>> max_cnt = query->cnt;
>> plist_for_each_entry(heap, &dev->heaps, node) {
>> - strncpy(hdata.name, heap->name, MAX_HEAP_NAME);
>> - hdata.name[sizeof(hdata.name) - 1] = '\0';
>> + if (heap->name) {
>> + strncpy(hdata.name, heap->name, MAX_HEAP_NAME);
>> + hdata.name[sizeof(hdata.name) - 1] = '\0';
>> + }
>> +
>> hdata.type = heap->type;
>> hdata.heap_id = heap->id;
>>
>
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
