Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8fd74548 authored by Shaik Jabida's avatar Shaik Jabida Committed by Vasantha Kumar Raju Angappan
Browse files

dsp: q6lsm: Check size of payload before access 



check size of payload before access in q6lsm_mmapcallback.
The payload size can be either 4 or 8 bytes.
Code to verify the payload size is atleast 4 bytes is added.

Change-Id: I64b07f44b66fe6793bc80bc99a09fd0521342531
Signed-off-by: default avatarShaik Jabida <quic_sjabida@quicinc.com>
(cherry picked from commit 14c551f6abb3ad841accc8af91c4a18c0a78b2fe)
parent cc9dc97a

dsp/q6lsm.c

+11 −1
Original line number Diff line number Diff line
@@ -2036,7 +2036,17 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv) 
		return 0;

	}

	

	if (data->payload_size < (2 * sizeof(uint32_t))) {

	/*

	The payload_size can be either 4 or 8 bytes.

	It has to be verified whether the payload_size is

	atleast 4 bytes. If it is less, returns errorcode.



	The opcode for 4 bytes is 0x12A80

	The opcode for 8 bytes is 0x110E8.

	 

	*/



	if (data->payload_size < (2 * sizeof(uint16_t))) {

		pr_err("%s: payload has invalid size[%d]\n", __func__,

			data->payload_size);

		return -EINVAL;