ASoC: msm-pcm-voip: Avoid interger underflow (c3b67277) · Commits · e / devices / android_kernel_fairphone_FP5

asoc/msm-pcm-voip-v2.c

+11 −3

Original line number	Diff line number	Diff line
		@@ -368,7 +368,7 @@ static void voip_process_ul_pkt(uint8_t *voc_pkt,
		case MODE_AMR: {
		if (pkt_len <= DSP_FRAME_HDR_LEN) {
		pr_err("%s: pkt_len %d is < required len\n",
		pkt_len);
		__func__, pkt_len);
		spin_unlock_irqrestore(&prtd->dsp_ul_lock,
		dsp_flags);
		return;
		@@ -395,7 +395,7 @@ static void voip_process_ul_pkt(uint8_t *voc_pkt,
		case MODE_4GV_NW: {
		if (pkt_len <= DSP_FRAME_HDR_LEN) {
		pr_err("%s: pkt_len %d is < required len\n",
		pkt_len);
		__func__, pkt_len);
		spin_unlock_irqrestore(&prtd->dsp_ul_lock,
		dsp_flags);
		return;
		@@ -439,7 +439,7 @@ static void voip_process_ul_pkt(uint8_t *voc_pkt,

		if (pkt_len <= 2 * DSP_FRAME_HDR_LEN) {
		pr_err("%s: pkt_len %d is < required len\n",
		pkt_len);
		__func__, pkt_len);
		spin_unlock_irqrestore(&prtd->dsp_ul_lock,
		dsp_flags);
		return;
		@@ -479,6 +479,14 @@ static void voip_process_ul_pkt(uint8_t *voc_pkt,
		buf_node->frame.frm_hdr.timestamp = timestamp;
		voc_pkt = voc_pkt + DSP_FRAME_HDR_LEN;

		if (pkt_len <= 2 * DSP_FRAME_HDR_LEN) {
		pr_err("%s: pkt_len %d is < required len\n",
		__func__, pkt_len);
		spin_unlock_irqrestore(&prtd->dsp_ul_lock,
		dsp_flags);
		return;
		}

		/* There are two frames in the buffer. Length
		* of the second frame:
		*/