ANDROID: proc: fix undefined behavior in proc_uid_base_readdir

When uid_base_stuff has no entries, proc_uid_base_readdir tries to
compute an address before the start of the array. Revise this check to
use uid_base_stuff + nents instead, which makes the code valid
regardless of array size.

Bug: 80158484
Test: No more compiler warning with CONFIG_CPU_FREQ_TIMES=n
Change-Id: I6e55b27c3ba8210cee194f6d27bbd62c0b263796
Signed-off-by: Connor O'Brien <connoro@google.com>

diff --git a/fs/proc/uid.c b/fs/proc/uid.c
index 9e15be510d7102d2a312c9f437cc0314d7489442..6a096d25109d1cf14943c3ab73a1ac767af95e3e 100644 (file)
--- a/fs/proc/uid.c
+++ b/fs/proc/uid.c
@@ -174,7 +174,7 @@ static int proc_uid_base_readdir(struct file *file, struct dir_context *ctx)
                return 0;
 
        for (u = uid_base_stuff + (ctx->pos - 2);
-            u <= uid_base_stuff + nents - 1; u++) {
+            u < uid_base_stuff + nents; u++) {
                if (!proc_fill_cache(file, ctx, u->name, u->len,
                                     proc_uident_instantiate, NULL, u))
                        break;