Re: [PATCH] remoteproc: qcom: mdt_loader: Use signed type for offset
From: Andy Gross
Date: Thu Feb 16 2017 - 19:37:59 EST
On Wed, Feb 15, 2017 at 02:00:41PM -0800, Bjorn Andersson wrote:
> In the transition from using rproc_da_to_va(), the type of the load
> offset became unsigned. This causes the subsequent check to let negative
> values less than p_memsz + mem_size through and we write outside of the
> buffer.
>
> Change the type back to a signed value to catch this.
>
> Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader")
> Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader")
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Reported-by: Stanimir Varbanov <stanimir.varbanov@xxxxxxxxxx>
> Signed-off-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Acked-by: Andy Gross <andy.gross@xxxxxxxxxx>