Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d5955a2 authored Dec 04, 2023 by Raza Kamal

Audio legacy: Integer overflow in msm_lsm_ioctl_compat during audio playback usecase.


size = sizeof(p_info_32) + p_info_32.param_size;
This overflow issue may result heap overflow during copying the data:
memcpy(param_info_rsp, &p_info_32, sizeof(p_info_32));

The validation check is added so that heap overflow can be avoided.

Change-Id: I11dcbe7ebb33e349dfd9f347f3ef25bc781075fc
Signed-off-by: Raza Kamal <quic_razkam@quicinc.com>

parent 5492426a

Hide whitespace changes

Inline Side-by-side

Rohit Sekhar @merothh
mentioned in commit 724bbe81
· Mar 18, 2024

mentioned in commit 724bbe81

mentioned in commit 724bbe814dbd15466c2e57ec323bac4ba8fe4235

Toggle commit list

Please register or to comment