Commit 7756692d authored Apr 12, 2023 by Soumya Managoli

ASoC: msm-pcm-host-voice: Address buffer overflow in hpcm capture copy



There is no check for the copy data size of the
ADSP returned payload. Add check for the max
hpcm_buf_node size before copy to avoid
buffer out of bounds issue.

Change-Id: Id647888430ce302359a857ef54d321bee99889bf
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>

parent fad96773

asoc/msm-pcm-host-voice-v2.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -683,6 +683,12 @@ static void hpcm_copy_capture_data_to_queue(struct dai_data *dai_data,
		if (dai_data->substream == NULL)
		return;

		if (len >= HPCM_MAX_VOC_PKT_SIZE) {
		pr_err("%s: Copy capture data len %d is > HPCM_MAX_VOC_PKT_SIZE\n",
		__func__, len);
		return;
		}

		/* Copy out buffer packet into free_queue */
		spin_lock_irqsave(&dai_data->dsp_lock, dsp_flags);