Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit daaf030e authored by Tanya Dixit's avatar Tanya Dixit
Browse files

ASoC: msm: qdsp6v2: Fix information leak in kernel 



In function msm_routing_set_downmix_control_data,
a negative value of be_id from userspace can bypass
the bounds check and thus result in information
leak to the userspace. Fix it by introducing a
lower bound.

CRs-fixed: 2120551
Change-Id: Idf82b38d58939645e69ebd6bac400ac3da19f187
Signed-off-by: default avatarTanya Dixit <tdixit@codeaurora.org>
parent a599fe22

sound/soc/msm/qdsp6v2/msm-pcm-routing-v2.c

+2 −1
Original line number Diff line number Diff line
@@ -16215,7 +16215,8 @@ int msm_routing_set_downmix_control_data(int be_id, int session_id, 
	uint16_t ii;

	uint16_t *dst_gain_ptr = NULL;









	if (be_id >= MSM_BACKEND_DAI_MAX) {









	if (be_id < MSM_BACKEND_DAI_PRI_I2S_RX ||









	    be_id >= MSM_BACKEND_DAI_MAX) {









		rc = -EINVAL;









		return rc;









	}