From: Connor O'Brien Date: Wed, 23 May 2018 20:00:23 +0000 (-0700) Subject: ANDROID: proc: fix undefined behavior in proc_uid_base_readdir X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6d4fa70c7eb193d021a4c317db9e3687bae1ec41;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git ANDROID: proc: fix undefined behavior in proc_uid_base_readdir When uid_base_stuff has no entries, proc_uid_base_readdir tries to compute an address before the start of the array. Revise this check to use uid_base_stuff + nents instead, which makes the code valid regardless of array size. Bug: 80158484 Test: No more compiler warning with CONFIG_CPU_FREQ_TIMES=n Change-Id: I6e55b27c3ba8210cee194f6d27bbd62c0b263796 Signed-off-by: Connor O'Brien --- diff --git a/fs/proc/uid.c b/fs/proc/uid.c index 9e15be510d71..6a096d25109d 100644 --- a/fs/proc/uid.c +++ b/fs/proc/uid.c @@ -174,7 +174,7 @@ static int proc_uid_base_readdir(struct file *file, struct dir_context *ctx) return 0; for (u = uid_base_stuff + (ctx->pos - 2); - u <= uid_base_stuff + nents - 1; u++) { + u < uid_base_stuff + nents; u++) { if (!proc_fill_cache(file, ctx, u->name, u->len, proc_uident_instantiate, NULL, u)) break;
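Review bot: The loop initializer `u = uid_base_stuff + (ctx->pos - 2)` is untouched by this change and still forms a pointer from `ctx->pos` before any comparison runs, so the new bound `u < uid_base_stuff + nents` only removes the out-of-range address on the end side (`uid_base_stuff + nents - 1` when `nents` is 0). The check that leads to the `return 0;` just above the loop is outside the visible context. Please confirm it rejects every `ctx->pos` outside the range 2 to `nents + 2`, including the empty-array case, so the start pointer is never before the array or more than one past its end. A one-line comment at the loop saying that the array can have no entries (the commit message tests with CONFIG_CPU_FREQ_TIMES=n) would help keep the `<=` and `- 1` form from being reintroduced later.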