msm: kgsl: Fix integer overflow in _load_gpmu_firmware

There is a possibility of integer overflow in the arithmetic calculation for cmd_size. Fix this by adding checks for such arithmetic. Change-Id: I2298a32f8ba3411decb29f55bb7b55e2214de35a Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
author: Abhilash Kumar <krabhi@codeaurora.org> 2017-07-28 16:29:53 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2017-08-04 04:33:52 -0700
commit: fde778c14ade8e7666b30e7777f84a01ea43ea7b (patch)
tree: 7e63adbcadb990d5fdf8582105bd007a2cd7a93a /drivers/gpu
parent: d4a6462641dfdd9f2f1342bb359573e619d6b58f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/gpu/msm/adreno_a5xx.c b/drivers/gpu/msm/adreno_a5xx.c
index 466c42877b3f..f4dfae1a115f 100644
--- a/drivers/gpu/msm/adreno_a5xx.c
+++ b/drivers/gpu/msm/adreno_a5xx.c
@@ -715,6 +715,10 @@ static int _load_gpmu_firmware(struct adreno_device *adreno_dev)
 	if (ret)
 		goto err;
 
+	/* Integer overflow check for cmd_size */
+	if (data[2] > (data[0] - 2))
+		goto err;
+
 	cmds = data + data[2] + 3;
 	cmd_size = data[0] - data[2] - 2;
author	Abhilash Kumar <krabhi@codeaurora.org>	2017-07-28 16:29:53 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-08-04 04:33:52 -0700
commit	fde778c14ade8e7666b30e7777f84a01ea43ea7b (patch)
tree	7e63adbcadb990d5fdf8582105bd007a2cd7a93a /drivers/gpu
parent	d4a6462641dfdd9f2f1342bb359573e619d6b58f (diff)