Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f134827a authored by qctecmdr's avatar qctecmdr Committed by Gerrit - the friendly Code Review server
Browse files

Merge "dsp: asm: validate payload size before access"

parents d30e9037 ca6932ad
Loading
Loading
Loading
Loading
+10 −0
Original line number Diff line number Diff line
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.
 * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
 * Author: Brian Swetland <swetland@google.com>
 *
 * This software is licensed under the terms of the GNU General Public
@@ -2289,6 +2290,15 @@ static int32_t q6asm_callback(struct apr_client_data *data, void *priv)

		config_debug_fs_read_cb();

		if (data->payload_size != (READDONE_IDX_SEQ_ID + 1) * sizeof(uint32_t)) {
			pr_err("%s:  payload size of %d is less than expected %d.\n",
					__func__, data->payload_size,
					((READDONE_IDX_SEQ_ID + 1) * sizeof(uint32_t)));
			spin_unlock_irqrestore(
				&(session[session_id].session_lock),
				flags);
			return -EINVAL;
		}
		dev_vdbg(ac->dev, "%s: ReadDone: status=%d buff_add=0x%x act_size=%d offset=%d\n",
				__func__, payload[READDONE_IDX_STATUS],
				payload[READDONE_IDX_BUFADD_LSW],