diff options
author | William Clark <wclark@codeaurora.org> | 2015-04-09 17:58:56 -0700 |
---|---|---|
committer | Devin Kim <dojip.kim@lge.com> | 2016-05-02 10:43:55 -0700 |
commit | 9fa1b1dc9923a7b5892df4feadef4bd953c8665b (patch) | |
tree | c65f5c8a300da4ac0042bccebde47d47b3929d0a | |
parent | 67bbef1886426f703a1eccb8441a10dd355b6078 (diff) |
qseecom: Fix NULL pointer dereferenceandroid-wear-n-preview-1_r0.2
Application name passed from the user space might be NULL or
corrupted, which if accessed later on might end up in NULL
pointer dereference.
Change-Id: I3c91c19a60cee209436218dd9ea370ef53c8c8b6
Signed-off-by: William Clark <wclark@codeaurora.org>
-rw-r--r-- | drivers/misc/qseecom.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c index ec2733d1c520..76afe3c7f3ba 100644 --- a/drivers/misc/qseecom.c +++ b/drivers/misc/qseecom.c @@ -2359,7 +2359,11 @@ int qseecom_start_app(struct qseecom_handle **handle, size_t len; ion_phys_addr_t pa; - if (!app_name || strlen(app_name) >= MAX_APP_NAME_SIZE) { + if (!app_name) { + pr_err("failed to get the app name\n"); + return -EINVAL; + } + if (strlen(app_name) >= MAX_APP_NAME_SIZE) { pr_err("The app_name (%s) with length %zu is not valid\n", app_name, strlen(app_name)); return -EINVAL; |