Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 49f03c6a authored by Soumya Managoli's avatar Soumya Managoli Committed by Sandhya Mutha Naga Venkata
Browse files

dsp: q6core: Avoid OOB access in q6core 



"num_services", a signed integer when compared
with constant results in conversion of signed integer
to max possible unsigned int value when "num_services"
is a negative value. This can lead to OOB read.
Fix is to handle this case.

Change-Id: Id6a8f150d9019c972a87f789e4c626337a97bfff
Signed-off-by: default avatarSoumya Managoli <quic_c_smanag@quicinc.com>
parent 0449b260

dsp/q6core.c

+3 −10
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

 * only version 2 as published by the Free Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.

 */



#include <linux/kernel.h>
@@ -196,7 +189,7 @@ EXPORT_SYMBOL(q6core_send_uevent); 
static int parse_fwk_version_info(uint32_t *payload, uint16_t payload_size)

{

	size_t ver_size;

	int num_services;

	uint16_t num_services;



	pr_debug("%s: Payload info num services %d\n",

		 __func__, payload[4]);