evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

asoc: check payload length against structure size

Browse source 
Payload length must exceed structure size. Otherwise, it may
lead to out-of-boundary memory access.

Change-Id: I090de5116ab04a4ca2b9c485e17617fe9e861ad5
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
This commit is contained in:
Xiaojun Sang 2019-02-12 17:18:18 +08:00 committed by Gerrit - the friendly Code Review server
parent b55c37ac6f
commit 950b66256c
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sound/soc/msm/qdsp6v2/msm-qti-pp-config.c
View file

@ -1,4 +1,4 @@
/* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved. /* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and * it under the terms of the GNU General Public License version 2 and
@ -1020,6 +1020,13 @@ int msm_adsp_inform_mixer_ctl(struct snd_soc_pcm_runtime *rtd,
} }
event_data = (struct msm_adsp_event_data *)payload; event_data = (struct msm_adsp_event_data *)payload;
if (event_data->payload_len < sizeof(struct msm_adsp_event_data)) {
pr_err("%s: event_data size of %x is less than expected.\n",
__func__, event_data->payload_len);
ret = -EINVAL;
goto done;
}
kctl->info(kctl, &kctl_info); kctl->info(kctl, &kctl_info);
if (event_data->payload_len > if (event_data->payload_len >