Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2eabdc73 authored by Mangesh Kunchamwar's avatar Mangesh Kunchamwar
Browse files

asoc: dsp: add check for integer overflow 



Add check for integer overflow of user
supplied data for ADSP stream command.

CRs-Fixed: 2173850
Change-Id: Idde5665c770398629b1b0cfa2c18d3c023b0f9a2
Signed-off-by: default avatarMangesh Kunchamwar <mangeshk@codeaurora.org>
parent b5e037bd

dsp/q6asm.c

+12 −2
Original line number Diff line number Diff line
@@ -1189,7 +1189,9 @@ int q6asm_send_stream_cmd(struct audio_client *ac, 
{

	char *asm_params = NULL;

	struct apr_hdr hdr;

	int sz, rc;

	int rc;

	uint32_t sz = 0;

	uint64_t actual_sz = 0;



	if (!data || !ac) {

		pr_err("%s: %s is NULL\n", __func__,
@@ -1206,7 +1208,15 @@ int q6asm_send_stream_cmd(struct audio_client *ac, 
		goto done;

	}



	sz = sizeof(struct apr_hdr) + data->payload_len;

	actual_sz = sizeof(struct apr_hdr) + data->payload_len;

	if (actual_sz > U32_MAX) {

		pr_err("%s: payload size 0x%X exceeds limit\n",

		       __func__, data->payload_len);

		rc = -EINVAL;

		goto done;

	}



	sz = (uint32_t)actual_sz;

	asm_params = kzalloc(sz, GFP_KERNEL);

	if (!asm_params) {

		rc = -ENOMEM;