ASoC: msm: qdsp6v2: fix KASan out of bounds error
APR header size is included twice which cause memory out of bounds. So
remove extra header size.
BUG: KASan: out of bounds on stack in smd_memcpy_to_fifo+0x74/0xd4 at addr ffffffc0895579f8
Read of size 8 by task mediaserver/507
page:ffffffbac69d5660 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x0()
page dumped because: kasan: bad access detected
Call trace:
[<ffffffc000089e38>] dump_backtrace+0x0/0x1c4
[<ffffffc00008a00c>] show_stack+0x10/0x1c
[<ffffffc001188404>] dump_stack+0x74/0xc8
[<ffffffc00020d664>] kasan_report_error+0x2b0/0x408
[<ffffffc00020d898>] kasan_report+0x34/0x40
[<ffffffc00020c82c>] __asan_load8+0x84/0x90
[<ffffffc0005cbb9c>] smd_memcpy_to_fifo+0x70/0xd4
[<ffffffc0005cf824>] smd_stream_write+0x1c8/0x2f0
[<ffffffc0005cfccc>] smd_packet_write+0x180/0x20c
[<ffffffc0005ceefc>] smd_write+0x74/0x88
[<ffffffc0006068dc>] __apr_tal_write+0x70/0xe0
[<ffffffc000606988>] apr_tal_write+0x3c/0x94
[<ffffffc000605168>] apr_send_pkt+0x1c8/0x224
[<ffffffc000e8d840>] q6core_dereg_all_custom_topologies+0x100/0x21c
[<ffffffc000e8f0e4>] q6core_set_cal+0x1f4/0x47c
[<ffffffc000e4d8c8>] audio_cal_shared_ioctl.isra.0+0x60c/0x92c
[<ffffffc000e4dc70>] audio_cal_compat_ioctl+0x88/0x98
[<ffffffc00027d2dc>] compat_SyS_ioctl+0x1ac/0x1a18
Memory state around the buggy address:
ffffffc089557880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc089557900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc089557980: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f4
^
ffffffc089557a00: f4 f4 f2 f2 f2 f2 00 00 00 00 00 f4 f4 f4 f3 f3
ffffffc089557a80: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
Change-Id: I5fe69422c8ec40f91c7fdbe3f87e331e01a69d78
Signed-off-by: 
Fred Oh <fred@codeaurora.org>
Loading
Please register or sign in to comment