msm: kgsl: Fix overflow in sharedmem cache range operation function

There could be possibility of integer overflow on adding size with maximum offset bytes and result in a value smaller than maximum memdesc size. CRs-Fixed: 1082914 Change-Id: Ie66b3a8ca2ca418a4a52f65987266b8d580c121f Signed-off-by: Sudeep Yedalapure <sudeepy@codeaurora.org>
author: Sudeep Yedalapure <sudeepy@codeaurora.org> 2016-11-04 21:47:41 +0530
committer: Sudeep Yedalapure <sudeepy@codeaurora.org> 2016-11-04 22:16:13 +0530
commit: b63c4eb6c72c4715b4a83c76e040355f2ea2d371 (patch)
tree: 31bdb1cff3cfdd718441b18a05519434cd4c81c1 /drivers/gpu
parent: e1f711f8e00cb745202f18fb97fb93ef38a615c2 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
index 72895c18119f..618e9e9a33a3 100644
--- a/drivers/gpu/msm/kgsl_sharedmem.c
+++ b/drivers/gpu/msm/kgsl_sharedmem.c
@@ -574,12 +574,11 @@ int kgsl_cache_range_op(struct kgsl_memdesc *memdesc, uint64_t offset,
 	void *addr = (memdesc->hostptr) ?
 		memdesc->hostptr : (void *) memdesc->useraddr;
 
-	/* Make sure that size is non-zero */
-	if (!size)
+	if (size == 0 || size > UINT_MAX)
 		return -EINVAL;
 
-	/* Make sure that the offset + size isn't bigger than we can handle */
-	if ((offset + size) > ULONG_MAX)
+	/* Make sure that the offset + size does not overflow */
+	if ((offset + size < offset) || (offset + size < size))
 		return -ERANGE;
 
 	/* Make sure the offset + size do not overflow the address */
author	Sudeep Yedalapure <sudeepy@codeaurora.org>	2016-11-04 21:47:41 +0530
committer	Sudeep Yedalapure <sudeepy@codeaurora.org>	2016-11-04 22:16:13 +0530
commit	b63c4eb6c72c4715b4a83c76e040355f2ea2d371 (patch)
tree	31bdb1cff3cfdd718441b18a05519434cd4c81c1 /drivers/gpu
parent	e1f711f8e00cb745202f18fb97fb93ef38a615c2 (diff)