ASoC: msm: qdsp6v2: Fix out-of-bounds access in put functions (145c630b) · Commits · e / devices / android_kernel_sony_msm8998

sound/soc/msm/qdsp6v2/msm-pcm-routing-v2.c

+16 −1

Original line number	Diff line number	Diff line
		/* Copyright (c) 2012-2016, The Linux Foundation. All rights reserved.
		/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
		*
		* This program is free software; you can redistribute it and/or modify
		* it under the terms of the GNU General Public License version 2 and
		@@ -1821,6 +1821,11 @@ static int msm_routing_lsm_mux_put(struct snd_kcontrol *kcontrol,
		int lsm_port = AFE_PORT_ID_SLIMBUS_MULTI_CHAN_5_TX;
		struct snd_soc_dapm_update *update = NULL;

		if (mux >= e->items) {
		pr_err("%s: Invalid mux value %d\n", __func__, mux);
		return -EINVAL;
		}

		pr_debug("%s: LSM enable %ld\n", __func__,
		ucontrol->value.integer.value[0]);
		switch (ucontrol->value.integer.value[0]) {
		@@ -2144,6 +2149,11 @@ static int msm_routing_ec_ref_rx_put(struct snd_kcontrol *kcontrol,
		struct soc_enum e = (struct soc_enum )kcontrol->private_value;
		struct snd_soc_dapm_update *update = NULL;

		if (mux >= e->items) {
		pr_err("%s: Invalid mux value %d\n", __func__, mux);
		return -EINVAL;
		}

		mutex_lock(&routing_lock);
		switch (ucontrol->value.integer.value[0]) {
		case 0:
		@@ -2312,6 +2322,11 @@ static int msm_routing_ext_ec_put(struct snd_kcontrol *kcontrol,
		uint16_t ext_ec_ref_port_id;
		struct snd_soc_dapm_update *update = NULL;

		if (mux >= e->items) {
		pr_err("%s: Invalid mux value %d\n", __func__, mux);
		return -EINVAL;
		}

		mutex_lock(&routing_lock);
		msm_route_ext_ec_ref = ucontrol->value.integer.value[0];