ANDROID: uid_sys_stats: Fully initialize uid_entry_tmp value
Amit Pundir at Linaro reported seeing crashes in uid_sys_stats
driver when building with GCC.
Looking into it, it seems the uid_entry_tmp value is used
while only partially initialized, causing potential out of bound
access on the uid_entry io arrays.
This likely has gone unnoticed with clang as I believe we're
using the zero initialization for stack variables security
feature.
So change the logic to fully initialize the uid_entry_tmp
value.
Fixes: f68d4f3c3b53 ("ANDROID: uid_sys_stat: instead update_io_stats_uid_locked to update_io_stats_uid")
Reported-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: John Stultz <jstultz@google.com>
Change-Id: I78de245e80ef60aabec78a615c7ba582ab5a2242
This commit is contained in:
John Stultz
Treehugger Robot
parent
2d3f0c9d41
commit
9267e267be
1 changed files with 2 additions and 3 deletions
|
|
@ -684,9 +684,8 @@ static ssize_t uid_procstat_write(struct file *file,
|
|||
* so that we can unlock_uid during update_io_stats_uid, in order
|
||||
* to avoid the unnecessary lock-time of uid_lock.
|
||||
*/
|
||||
uid_entry_tmp.uid = uid_entry->uid;
|
||||
memcpy(uid_entry_tmp.io, uid_entry->io,
|
||||
sizeof(struct io_stats) * UID_STATE_SIZE);
|
||||
uid_entry_tmp = *uid_entry;
|
||||
|
||||
unlock_uid(uid);
|
||||
update_io_stats_uid(&uid_entry_tmp);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue