msm: ipc: Detect integer overflow before it happens
As per the ANSI C standard, integer overflow is undefined
behavior, so update the code to detect integer overflow before it happens.
CRs-Fixed: 491629
Change-Id: Ifd90c05266477c7734710bb94b9021f8bb9ab761
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
diff --git a/arch/arm/mach-msm/ipc_socket.c b/arch/arm/mach-msm/ipc_socket.c
index a2c4117..515dc92 100644
--- a/arch/arm/mach-msm/ipc_socket.c
+++ b/arch/arm/mach-msm/ipc_socket.c
@@ -55,6 +55,10 @@
} \
} while (0) \
+#ifndef SIZE_MAX
+#define SIZE_MAX ((size_t)-1)
+#endif
+
static int sockets_enabled;
static struct proto msm_ipc_proto;
static const struct proto_ops msm_ipc_proto_ops;
@@ -458,7 +462,8 @@
struct msm_ipc_port *port_ptr;
struct server_lookup_args server_arg;
struct msm_ipc_server_info *srv_info = NULL;
- unsigned int n, srv_info_sz = 0;
+ unsigned int n;
+ size_t srv_info_sz = 0;
int ret;
void *pil;
@@ -502,16 +507,16 @@
break;
}
if (server_arg.num_entries_in_array) {
- srv_info_sz = server_arg.num_entries_in_array *
- sizeof(*srv_info);
- if ((srv_info_sz / sizeof(*srv_info)) !=
- server_arg.num_entries_in_array) {
+ if (server_arg.num_entries_in_array >
+ (SIZE_MAX / sizeof(*srv_info))) {
pr_err("%s: Integer Overflow %d * %d\n",
__func__, sizeof(*srv_info),
server_arg.num_entries_in_array);
ret = -EINVAL;
break;
}
+ srv_info_sz = server_arg.num_entries_in_array *
+ sizeof(*srv_info);
srv_info = kmalloc(srv_info_sz, GFP_KERNEL);
if (!srv_info) {
ret = -ENOMEM;
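Review bot: The `pr_err` call kept under the new guard formats `sizeof(*srv_info)` with `%d`, but that operand is a `size_t`, so the specifier does not match the argument. `%zu` is the matching one, e.g. `pr_err("%s: Integer Overflow %zu * %u\n",`, where `%u` assumes `num_entries_in_array` is an unsigned 32-bit field; its declaration is outside this hunk and should be checked. Separately, the guard only rejects counts whose product would wrap `size_t`, so any smaller count, however large, is still passed to `kmalloc`. If `server_arg` is filled from user space, which the surrounding code suggests but this hunk does not show, an explicit upper bound on `num_entries_in_array` would reject oversized requests before they reach the allocator. The enclosing function starts and ends outside the hunk.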