
Commit 016b80ca authored by Sairam Peri, committed by Nageshwar Reddy Goli

dsp: q6asm: Add check for ADSP payload size



There is no check for the ADSP returned payload size
for ASM_SESSION_CMD_GET_MTMX_STRTR_PARAMS_V2 cmd response.
This can lead to buffer overread. Fix is to address this.

Change-Id: I0bd6ee7f19823addc5dde1dfbb32b8a9b102a725
Signed-off-by: Sairam Peri <quic_peri@quicinc.com>
parent b52120be
+10 −1
@@ -2405,7 +2405,16 @@ static int32_t q6asm_callback(struct apr_client_data *data, void *priv)
				__func__, data->payload_size);
		break;
	case ASM_SESSION_CMDRSP_GET_MTMX_STRTR_PARAMS_V2:
		q6asm_process_mtmx_get_param_rsp(ac, (void *) payload);
		payload_size = sizeof(struct asm_mtmx_strtr_get_params_cmdrsp);
		if (data->payload_size < payload_size) {
			pr_err("%s: insufficient payload size = %d\n",
				__func__, data->payload_size);
			spin_unlock_irqrestore(
				&(session[session_id].session_lock), flags);
			return -EINVAL;
		}
		q6asm_process_mtmx_get_param_rsp(ac,
			(struct asm_mtmx_strtr_get_params_cmdrsp *) payload);
		break;
	case ASM_STREAM_PP_EVENT:
	case ASM_STREAM_CMD_ENCDEC_EVENTS:
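
Review bot: The size check added in the ASM_SESSION_CMDRSP_GET_MTMX_STRTR_PARAMS_V2 case only proves that data->payload_size covers the fixed sizeof(struct asm_mtmx_strtr_get_params_cmdrsp); q6asm_process_mtmx_get_param_rsp() is still called with just ac and the payload pointer, so the handler cannot bound any read that goes past that struct. If the handler reads parameter data that follows the fixed header, pass data->payload_size into it and validate the remaining length there as well. The early return also unlocks session_lock by hand before returning -EINVAL, so it is worth confirming that nothing else the normal exit path does after the switch is skipped for this case. Minor: the pr_err would be easier to triage if it printed the expected size next to the received data->payload_size.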