Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 950b6625 authored by Xiaojun Sang's avatar Xiaojun Sang Committed by Gerrit - the friendly Code Review server
Browse files

asoc: check payload length against structure size 



Payload length must exceed structure size. Otherwise, it may
lead to out-of-boundary memory access.

Change-Id: I090de5116ab04a4ca2b9c485e17617fe9e861ad5
Signed-off-by: default avatarXiaojun Sang <xsang@codeaurora.org>
parent b55c37ac

sound/soc/msm/qdsp6v2/msm-qti-pp-config.c

+8 −1
Original line number Diff line number Diff line 
/* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

/* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -1020,6 +1020,13 @@ int msm_adsp_inform_mixer_ctl(struct snd_soc_pcm_runtime *rtd, 
	}



	event_data = (struct msm_adsp_event_data *)payload;

	if (event_data->payload_len < sizeof(struct msm_adsp_event_data)) {

		pr_err("%s: event_data size of %x is less than expected.\n",

			 __func__, event_data->payload_len);

		ret = -EINVAL;

		goto done;

	}



	kctl->info(kctl, &kctl_info);



	if (event_data->payload_len >