
Commit 4ccf051b authored by Xiaojun Sang, committed by Meng Wang

asoc: check payload length against structure size



Payload length must exceed structure size. Otherwise, it may
lead to out-of-boundary memory access.

Change-Id: I090de5116ab04a4ca2b9c485e17617fe9e861ad5
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
parent 74d9fedc
+8 −1
// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.
/* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
 */

#include <linux/err.h>
@@ -1172,6 +1172,13 @@ int msm_adsp_inform_mixer_ctl(struct snd_soc_pcm_runtime *rtd,
	}

	event_data = (struct msm_adsp_event_data *)payload;
	if (event_data->payload_len < sizeof(struct msm_adsp_event_data)) {
		pr_err("%s: event_data size of %x is less than expected.\n",
			__func__, event_data->payload_len);
		ret = -EINVAL;
		goto done;
	}

	kctl->info(kctl, &kctl_info);

	if (event_data->payload_len >
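
Review bot: the new check `if (event_data->payload_len < sizeof(struct msm_adsp_event_data))` lets through a payload_len equal to the structure size, while the commit message says the length "must exceed" it; either use `<=` or reword the message so code and description agree. The pr_err in the same block prints payload_len with `%x` and no `0x` prefix, so the logged value is ambiguous between decimal and hex; `%u` or `0x%x` would be clearer. A short comment on whether payload_len counts the header or only the bytes after it would also help, since this check compares it with the header size and the following `if (event_data->payload_len >` compares it again against an upper bound. Finally, event_data->payload_len is read straight after the cast from `payload`, so it is worth confirming that the code above the hunk guarantees the buffer is at least sizeof(struct msm_adsp_event_data) bytes long before this dereference.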