soc: qcom: Validate read and write index before calculating ptr

Currently we are not validating read and write index of
tx and rx fifo's before calculating ptr, this can lead to
out-of-bound access. The patch adds proper check for the same.

CR-Fixed: 2355425
Change-Id: I7b158e94ae743a90ac364783fe31914ca0fa582b
Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org>

1 files changed, 7 insertions, 1 deletions

diff --git a/drivers/soc/qcom/glink_smem_native_xprt.c b/drivers/soc/qcom/glink_smem_native_xprt.c
index 431fe6748990..7f7cc1527353 100644
--- a/drivers/soc/qcom/glink_smem_native_xprt.c
+++ b/drivers/soc/qcom/glink_smem_native_xprt.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2019, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -447,6 +447,9 @@ static int fifo_read(struct edge_info *einfo, void *_data, int len)
 	uint32_t fifo_size = einfo->rx_fifo_size;
 	uint32_t n;
 
+	if (read_index >= fifo_size || write_index >= fifo_size)
+		return 0;
+
 	while (len) {
 		ptr = einfo->rx_fifo + read_index;
 		if (read_index <= write_index)
@@ -490,6 +493,9 @@ static uint32_t fifo_write_body(struct edge_info *einfo, const void *_data,
 	uint32_t fifo_size = einfo->tx_fifo_size;
 	uint32_t n;
 
+	if (read_index >= fifo_size || *write_index >= fifo_size)
+		return 0;
+
 	while (len) {
 		ptr = einfo->tx_fifo + *write_index;
 		if (*write_index < read_index) {