Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8fd74548 authored by Shaik Jabida's avatar Shaik Jabida Committed by Vasantha Kumar Raju Angappan
Browse files

dsp: q6lsm: Check size of payload before access



check size of payload before access in q6lsm_mmapcallback.
The payload size can be either 4 or 8 bytes.
Code to verify the payload size is atleast 4 bytes is added.

Change-Id: I64b07f44b66fe6793bc80bc99a09fd0521342531
Signed-off-by: default avatarShaik Jabida <quic_sjabida@quicinc.com>
(cherry picked from commit 14c551f6abb3ad841accc8af91c4a18c0a78b2fe)
parent cc9dc97a
Loading
Loading
Loading
Loading
+11 −1
Original line number Diff line number Diff line
@@ -2036,7 +2036,17 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv)
		return 0;
	}
	
	if (data->payload_size < (2 * sizeof(uint32_t))) {
	/*
	The payload_size can be either 4 or 8 bytes.
	It has to be verified whether the payload_size is
	atleast 4 bytes. If it is less, returns errorcode.

	The opcode for 4 bytes is 0x12A80
	The opcode for 8 bytes is 0x110E8.
	 
	*/

	if (data->payload_size < (2 * sizeof(uint16_t))) {
		pr_err("%s: payload has invalid size[%d]\n", __func__,
			data->payload_size);
		return -EINVAL;