author: Sourav Mohapatra <mohapatr@codeaurora.org> 2019-07-09 10:13:11 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2019-07-17 20:24:38 -0700
commit: ab4371f93e72015a44b77d7007aa656400a2e037
tree: 0a977ee3c98974261fc981714f95dc7b75af411b
parent: d6fdf8ad66d2b3d4cc1862572e70a802dd8a9bf4
qcacld-3.0: Properly typecast to avoid overread/write
In the function pld_get_thermal_state, the parameter thermal_state is of type uint16. This parameter is then typecasted into unsigned long before being passed by reference to the icnss API. As the typecasting occurs from uint16 (lower) to unsigned long (higher), there can be scenarios where the adjacent memory gets affected. This can lead to potential overread, overwrite and stack corruption.

Instead of typecasting from uint16 to unsigned long, change the API implementation to typecast from unsigned long to uint16. As the expected value may not exceed 16 bits, this will prevent the above mentioned scenarios from occurring without breaking any functionality.

Change-Id: Ifbf840dacab55d54ba836223a0d2a1a63dd06810
CRs-Fixed: 2486199
-rw-r--r-- core/pld/src/pld_common.c | 8
1 file changed, 7 insertions, 1 deletion
diff --git a/core/pld/src/pld_common.c b/core/pld/src/pld_common.c
index 19db8f54e6b4..285578b33c1d 100644
--- a/core/pld/src/pld_common.c
+++ b/core/pld/src/pld_common.c
@@ -1589,7 +1589,13 @@ void pld_thermal_unregister(struct device *dev)
int pld_get_thermal_state(struct device *dev, uint16_t *thermal_state)
{
- return icnss_get_curr_therm_state(dev, (unsigned long *)thermal_state);
+ int ret;
+ unsigned long thermal_state_t;
+
+ ret = icnss_get_curr_therm_state(dev, &thermal_state_t);
+ *thermal_state = (uint16_t)thermal_state_t;
+
+ return ret;
}
#else
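Review bot: The assignment `*thermal_state = (uint16_t)thermal_state_t;` runs regardless of `ret`, and `thermal_state_t` is declared without an initializer, so if icnss_get_curr_therm_state() returns an error without writing its output, the caller's buffer is filled with uninitialized stack contents. Either initialize the local (`unsigned long thermal_state_t = 0;`) or copy only when `ret` indicates success and leave `*thermal_state` untouched otherwise. The cast also silently drops any bits above 16; the commit message says the value is not expected to exceed that, so a short comment at the cast stating the assumption would help the next reader. As a style point, the `_t` suffix on a variable reads like a typedef name; a name such as `state` would be clearer.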