Merge "msm: adsprpc: overflow vulnerability by race condition in adsprpc driver"
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index d063fe0..8fab320 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -3624,22 +3624,26 @@
{
int err = 0, buf_size = 0;
char strpid[PID_SIZE];
+ char cur_comm[TASK_COMM_LEN];
+ memcpy(cur_comm, current->comm, TASK_COMM_LEN);
+ cur_comm[TASK_COMM_LEN-1] = '\0';
fl->tgid = current->tgid;
snprintf(strpid, PID_SIZE, "%d", current->pid);
- buf_size = strlen(current->comm) + strlen("_") + strlen(strpid) + 1;
+ buf_size = strlen(cur_comm) + strlen("_") + strlen(strpid) + 1;
fl->debug_buf = kzalloc(buf_size, GFP_KERNEL);
if (!fl->debug_buf) {
err = -ENOMEM;
return err;
}
- snprintf(fl->debug_buf, UL_SIZE, "%.10s%s%d",
- current->comm, "_", current->pid);
+ snprintf(fl->debug_buf, buf_size, "%.10s%s%d",
+ cur_comm, "_", current->pid);
fl->debugfs_file = debugfs_create_file(fl->debug_buf, 0644,
debugfs_root, fl, &debugfs_fops);
if (!fl->debugfs_file)
pr_warn("Error: %s: %s: failed to create debugfs file %s\n",
- current->comm, __func__, fl->debug_buf);
+ cur_comm, __func__, fl->debug_buf);
+
return err;
}
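Review bot: The snapshot at the top of the body copies `current->comm` with a bare `memcpy`, which takes no task lock, so a rename racing with the copy can still produce a name that mixes old and new bytes. The forced terminator keeps the copy bounded, which is what the sizing and the `snprintf` bound depend on, but the kernel helper does the locked copy and the termination in one call: `get_task_comm(cur_comm, current);`. A one-line comment above the copy would record why the local buffer exists, for example `/* snapshot comm once: it may change between sizing and formatting */`, so a later cleanup does not go back to reading `current->comm` directly. The function's signature lies outside the hunk, so the lifetime of `fl->debug_buf` on the failure path cannot be checked from here.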