[PATCH] staging: android: ion: Fixed uninitialized heap name access

Laura Abbott labbott at redhat.com
Mon Oct 22 14:32:26 UTC 2018


On 10/22/2018 07:02 AM, Alexey Skidanov wrote:
> The heap name might be uninitialized and access might crash the
> kernel.
> 

The heap name should never be null so this seems like this is being
fixed in the wrong place. Can you explain more how you are hitting
this issue?

Thanks,
Laura

> Signed-off-by: Alexey Skidanov <alexey.skidanov at intel.com>
> ---
>   drivers/staging/android/ion/ion.c | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
> index 9907332..55bca92d 100644
> --- a/drivers/staging/android/ion/ion.c
> +++ b/drivers/staging/android/ion/ion.c
> @@ -459,8 +459,11 @@ int ion_query_heaps(struct ion_heap_query *query)
>   	max_cnt = query->cnt;
>   
>   	plist_for_each_entry(heap, &dev->heaps, node) {
> -		strncpy(hdata.name, heap->name, MAX_HEAP_NAME);
> -		hdata.name[sizeof(hdata.name) - 1] = '\0';
> +		if (heap->name) {
> +			strncpy(hdata.name, heap->name, MAX_HEAP_NAME);
> +			hdata.name[sizeof(hdata.name) - 1] = '\0';
> +		}
> +
>   		hdata.type = heap->type;
>   		hdata.heap_id = heap->id;
>   
> 
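Review bot: In the new `if (heap->name)` block, a NULL name skips the copy, but nothing in the visible lines clears `hdata.name` for that iteration. The entry reported for a nameless heap would then carry whatever `hdata.name` held before, which is the previous heap's name if `hdata` is reused across iterations of `plist_for_each_entry`. Either add an else branch that sets `hdata.name[0] = '\0'`, or reject a NULL `heap->name` where the heap is added to `dev->heaps`, so that `ion_query_heaps()` can keep relying on the name being set. A short comment stating which invariant is assumed would help.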


