From 616817368e2f37d477c6309d6fd3a236fe9c7b1b Mon Sep 17 00:00:00 2001
From: Jiyu Yang <jiyu.yang@nxp.com>
Date: Fri, 30 Apr 2021 17:34:45 +0800
Subject: [PATCH] LF-3750 [#imx-2544] fix Out-of-bounds access

fix coverity issue CID 12329075 Out-of-bounds access
Signed-off-by: Jiyu Yang <jiyu.yang@nxp.com>
---
 .../hal/os/linux/kernel/gc_hal_kernel_device.c        | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c b/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
index c3cd8f3ec801..d3d4da12b06b 100644
--- a/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
+++ b/drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_device.c
@@ -1587,19 +1587,14 @@ static int gc_clk_write(const char __user *buf, size_t count, void* data)
     size_t ret;
     char _buf[100];
 
-    memset((void*)_buf, 0, 100);
-
-    if (count > 100)
-    {
-        printk("Error: input buffer too large\n");
-    }
-
+    count = min_t(size_t, count, (sizeof(_buf)-1));
     ret = copy_from_user(_buf, buf, count);
     if (ret != 0)
     {
         printk("Error: lost data: %d\n", (int)ret);
-        return ret;
+        return -EFAULT;
     }
+    _buf[count] = 0;
 
     _set_clk(_buf);
 
-- 
2.17.1