misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()

The checking here needs to handle integer overflows because "offset" and
"len" come from the user.

Fixes: 20ec628e80 ("misc: xilinx_sdfec: Add ability to configure LDPC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Dragan Cvetic <dragan.cvetic@xilinx.com>
Link: https://lore.kernel.org/r/20190821071122.GD26957@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan Carpenter 2019-08-21 10:11:22 +03:00 committed by Greg Kroah-Hartman
parent 56a635c0ec
commit 6123f1fe53
1 changed files with 3 additions and 1 deletions

@ -611,7 +611,9 @@ static int xsdfec_table_write(struct xsdfec_dev *xsdfec, u32 offset,
* Writes that go beyond the length of
* Shared Scale(SC) table should fail
*/
if ((XSDFEC_REG_WIDTH_JUMP * (offset + len)) > depth) {
if (offset > depth / XSDFEC_REG_WIDTH_JUMP ||
len > depth / XSDFEC_REG_WIDTH_JUMP ||
offset + len > depth / XSDFEC_REG_WIDTH_JUMP) {
dev_dbg(xsdfec->dev, "Write exceeds SC table length");
return -EINVAL;
}
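
Review bot: the third comparison in the new condition, offset + len > depth / XSDFEC_REG_WIDTH_JUMP, still performs the addition on user-supplied values and is only protected by the two comparisons evaluated before it. Whether the sum can wrap after those bounds depends on the types of len and depth and on the value of XSDFEC_REG_WIDTH_JUMP, none of which are visible in this hunk, so the safety argument is implicit and easy to break if the comparisons are later reordered. Consider computing the limit once in a local (for example max = depth / XSDFEC_REG_WIDTH_JUMP) and testing offset > max || len > max - offset, which needs no addition and drops the triple repetition of the division. The comment above the check could also say that offset and len come from user space, since that is the reason the check has this shape. Minor style point on the unchanged context: the dev_dbg() string "Write exceeds SC table length" has no trailing newline.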