Commit a427bef6 authored Sep 03, 2014 by Aravind Kumar

ASoC: msm: qdsp6v2: add integer overflow check



The overflow check is required to ensure that user space data
in kernel may not cause integer overflow which would later
lead to a buffer overflow.

CRs-Fixed: 563086
Change-Id: Ia0c785b8c895c317e9f904bc738df5217b837191
Signed-off-by: Aravind Kumar <akumark@codeaurora.org>

parent 156aa1e4

sound/soc/msm/qdsp6v2/q6asm.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -1088,6 +1088,11 @@ int q6asm_audio_client_buf_alloc(unsigned int dir,
		return 0;
		}
		mutex_lock(&ac->cmd_lock);
		if (bufcnt > (LONG_MAX/sizeof(struct audio_buffer))) {
		pr_err("%s: Buffer size overflows", __func__);
		mutex_unlock(&ac->cmd_lock);
		goto fail;
		}
		buf = kzalloc(((sizeof(struct audio_buffer))*bufcnt),
		GFP_KERNEL);