git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Tomas Winkler <tomas.winkler@intel.com>
	Sun, 7 Feb 2016 21:35:19 +0000 (23:35 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 7 Feb 2016 22:47:20 +0000 (14:47 -0800)
commit	f862b6b24f0ffd954633a55f39251a6873b664ca
tree	7f23452860c79dc4fe8a8903b4d642eb8cd40213	tree
parent	439a74b3373dab4214b4191d50dfb1d78be5b18e	commit \| diff

mei: fix possible integer overflow issue

There is a possible integer overflow following by a buffer overflow
when accumulating messages coming from the FW to compose a full payload.
Occurrence of wrap around has to be prevented for next message size
calculation.
For unsigned integer the addition overflow has occurred when the
result is smaller than one of the arguments.
To simplify the fix, the types of buf.size and buf_idx are set to the
same width, namely size_t also to be aligned with the type of length
parameter in file read/write ops.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/misc/mei/amthif.c		diff \| blob \| blame \| history
drivers/misc/mei/client.c		diff \| blob \| blame \| history
drivers/misc/mei/interrupt.c		diff \| blob \| blame \| history
drivers/misc/mei/main.c		diff \| blob \| blame \| history
drivers/misc/mei/mei_dev.h		diff \| blob \| blame \| history