
Commit e8afdbad authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "ASoC: msm: Add Buffer overflow check"

parents a1bf0348 287879c3
+14 −1
/* Copyright (c) 2010-2015, The Linux Foundation. All rights reserved.
/* Copyright (c) 2010-2016, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -24,6 +24,15 @@
#include <asm/ioctls.h>
#include "audio_utils.h"

/*
 * Define maximum buffer size. Below values are chosen considering the higher
 * values used among all native drivers.
 */
#define MAX_FRAME_SIZE	1536
#define MAX_FRAMES	5
#define META_SIZE	(sizeof(struct meta_out_dsp))
#define MAX_BUFFER_SIZE	(1 + ((MAX_FRAME_SIZE + META_SIZE) * MAX_FRAMES))

static int audio_in_pause(struct q6audio_in  *audio)
{
	int rc;
@@ -329,6 +338,10 @@ long audio_in_ioctl(struct file *file,
			rc = -EINVAL;
			break;
		}
		if (cfg.buffer_size > MAX_BUFFER_SIZE) {
			rc = -EINVAL;
			break;
		}
		audio->str_cfg.buffer_size = cfg.buffer_size;
		audio->str_cfg.buffer_count = cfg.buffer_count;
		if (audio->opened) {
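Review bot: The new bound in audio_in_ioctl covers only `cfg.buffer_size`; `cfg.buffer_count` is copied into `audio->str_cfg` on the following line with no upper limit visible in this hunk, so the total size (size × count) still depends on whatever the preceding check, which ends above the hunk, enforces. If that check does not cap the count, a matching bound belongs beside this one. Separately, the comment above `MAX_BUFFER_SIZE` does not say what the leading `1 +` accounts for; one line stating its purpose would keep a later edit from dropping it. The ioctl case body starts and ends outside the hunk.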
+1 −1
@@ -226,7 +226,7 @@ struct audio_client *q6asm_get_audio_client(int session_id);
int q6asm_audio_client_buf_alloc(unsigned int dir/* 1:Out,0:In */,
				struct audio_client *ac,
				unsigned int bufsz,
				unsigned int bufcnt);
				uint32_t bufcnt);
int q6asm_audio_client_buf_alloc_contiguous(unsigned int dir
				/* 1:Out,0:In */,
				struct audio_client *ac,
+2 −2
@@ -1195,7 +1195,7 @@ err:
int q6asm_audio_client_buf_alloc(unsigned int dir,
			struct audio_client *ac,
			unsigned int bufsz,
			unsigned int bufcnt)
			uint32_t bufcnt)
{
	int cnt = 0;
	int rc = 0;
@@ -1222,7 +1222,7 @@ int q6asm_audio_client_buf_alloc(unsigned int dir,
			return 0;
		}
		mutex_lock(&ac->cmd_lock);
		if (bufcnt > (LONG_MAX/sizeof(struct audio_buffer))) {
		if (bufcnt > (U32_MAX/sizeof(struct audio_buffer))) {
			pr_err("%s: Buffer size overflows", __func__);
			mutex_unlock(&ac->cmd_lock);
			goto fail;
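Review bot: The overflow guard's limit, `U32_MAX/sizeof(struct audio_buffer)`, follows the new parameter type rather than the type in which the product is actually computed, and both the multiplication and the allocation it feeds are outside the hunk. If the array is allocated with a hand-multiplied size, `kcalloc(bufcnt, sizeof(struct audio_buffer), GFP_KERNEL)` would make the overflow check part of the allocation instead of relying on this constant staying in sync. `cnt` is still declared `int` while `bufcnt` is now `uint32_t`, so any `cnt < bufcnt` comparison later in the function (not visible here) would mix signed and unsigned. The log line also lacks a trailing newline: `pr_err("%s: Buffer size overflows\n", __func__);`. The body of q6asm_audio_client_buf_alloc continues outside both hunks.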