
Commit ba1abdc2 authored by Xiaoyu Ye's avatar Xiaoyu Ye

lsm: fix potential Null pointer dereference



Pointer "ptr_info_v2" in function msm_lsm_ioctl may be
dereferenced when it's Null. Add a local structure
"info_v2" to avoid this potential Null pointer dereference.

Change-Id: Iabf5c3b1017b4a44b924c80e4d8e6f2c3d2d5f57
Signed-off-by: default avatarXiaoyu Ye <benyxy@codeaurora.org>
parent 06ed8063
+12 −8
@@ -2404,10 +2404,13 @@ static int msm_lsm_ioctl(struct snd_pcm_substream *substream,
	case SNDRV_LSM_SET_MODULE_PARAMS_V2: {
		struct snd_lsm_module_params p_data;
		struct lsm_params_info *temp_ptr_info = NULL;
		struct lsm_params_info_v2 info_v2;
		struct lsm_params_info_v2 *ptr_info_v2 = NULL, *temp_ptr_info_v2 = NULL;
		size_t p_size = 0, count;
		u8 *params;

		memset(&info_v2, 0, sizeof(info_v2));

		if (!prtd->lsm_client->use_topology) {
			dev_err(rtd->dev,
				"%s: %s: not supported if not using topology\n",
@@ -2472,16 +2475,17 @@ static int msm_lsm_ioctl(struct snd_pcm_substream *substream,
		for (count = 0; count < p_data.num_params; count++) {
			if (cmd == SNDRV_LSM_SET_MODULE_PARAMS) {
				/* convert to V2 param info struct from legacy param info */
				ptr_info_v2->module_id = temp_ptr_info->module_id;
				ptr_info_v2->param_id = temp_ptr_info->param_id;
				ptr_info_v2->param_size = temp_ptr_info->param_size;
				ptr_info_v2->param_data = temp_ptr_info->param_data;
				ptr_info_v2->param_type = temp_ptr_info->param_type;
				info_v2.module_id = temp_ptr_info->module_id;
				info_v2.param_id = temp_ptr_info->param_id;
				info_v2.param_size = temp_ptr_info->param_size;
				info_v2.param_data = temp_ptr_info->param_data;
				info_v2.param_type = temp_ptr_info->param_type;

				ptr_info_v2->instance_id = INSTANCE_ID_0;
				ptr_info_v2->stage_idx = LSM_STAGE_INDEX_FIRST;
				ptr_info_v2->model_id = 0;
				info_v2.instance_id = INSTANCE_ID_0;
				info_v2.stage_idx = LSM_STAGE_INDEX_FIRST;
				info_v2.model_id = 0;

				ptr_info_v2 = &info_v2;
				temp_ptr_info++;
			} else {
				if (LSM_REG_MULTI_SND_MODEL != temp_ptr_info_v2->param_type ||
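Review bot: In the legacy branch of the loop, `ptr_info_v2 = &info_v2;` now points at a single on-stack struct that is overwritten on every iteration, so whatever consumes `ptr_info_v2` later in the loop body (which continues outside this hunk) has to finish with it before the next pass and must not retain the pointer. A comment next to the assignment would make that lifetime explicit, for example `/* info_v2 is reused for each legacy entry; do not keep ptr_info_v2 past this iteration */`. Separately, `temp_ptr_info` and `temp_ptr_info_v2` are still initialised to NULL in the first hunk and dereferenced in this one, in the legacy field copies and in the `else` condition. Their assignment is not visible in either hunk, so it is worth confirming that every path reaching the loop sets the one that matches `cmd`, since this ioctl path appears to be driven by caller-supplied `p_data`.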