From: Jiyu Yang <jiyu.yang@nxp.com>
Date: Fri, 30 Apr 2021 09:34:45 +0000 (+0800)
Subject: LF-3750 [#imx-2544] fix Out-of-bounds access
X-Git-Tag: rel_imx_5.10.35_2.0.0-somdevices.0~89
X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=616817368e2f37d477c6309d6fd3a236fe9c7b1b;p=linux.git

LF-3750 [#imx-2544] fix Out-of-bounds access

fix coverity issue CID 12329075 Out-of-bounds access
Signed-off-by: Jiyu Yang <jiyu.yang@nxp.com>
---

diff --git a/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c b/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
index c3cd8f3ec801..d3d4da12b06b 100644
--- a/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
+++ b/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
@@ -1587,19 +1587,14 @@ static int gc_clk_write(const char __user *buf, size_t count, void* data)
     size_t ret;
     char _buf[100];
 
-    memset((void*)_buf, 0, 100);
-
-    if (count > 100)
-    {
-        printk("Error: input buffer too large\n");
-    }
-
+    count = min_t(size_t, count, (sizeof(_buf)-1));
     ret = copy_from_user(_buf, buf, count);
     if (ret != 0)
     {
         printk("Error: lost data: %d\n", (int)ret);
-        return ret;
+        return -EFAULT;
     }
+    _buf[count] = 0;
 
     _set_clk(_buf);