On Wed, Feb 15, 2017 at 02:00:41PM -0800, Bjorn Andersson wrote:
> In the transition from using rproc_da_to_va(), the type of the load
> offset became unsigned. This causes the subsequent check to let negative
> values less than p_memsz + mem_size through and we write outside of the
> buffer.
>
> Change the type back to a signed value to catch this.
>
> Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader")
> Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT
> loader")
> Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
> Reported-by: Stanimir Varbanov <stanimir.varba...@linaro.org>
> Signed-off-by: Bjorn Andersson <bjorn.anders...@linaro.org>
Acked-by: Andy Gross <andy.gr...@linaro.org>
