malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

dsp: q6lsm: Check size of payload before access

Browse Source 
check size of payload before access in q6lsm_mmapcallback.
The payload size can be either 4 or 8 bytes.
Code to verify the payload size is atleast 4 bytes is added.

Change-Id: I64b07f44b66fe6793bc80bc99a09fd0521342531
Signed-off-by: Shaik Jabida <quic_sjabida@quicinc.com>
(cherry picked from commit 14c551f6abb3ad841accc8af91c4a18c0a78b2fe)
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
This commit is contained in:
Shaik Jabida 2024-07-01 14:27:21 +05:30 committed by Richard Raya
parent e6e7227246
commit 70fe2b13a8
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
techpack/audio/4.0/dsp/q6lsm.c
View File

@ -1901,7 +1901,14 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv)
return 0;
}
if (data->payload_size < (2 * sizeof(uint32_t))) {
/*
The payload_size can be either 4 or 8 bytes.
It has to be verified whether the payload_size is
atleast 4 bytes. If it is less, returns errorcode.
The opcode for 4 bytes is 0x12A80
The opcode for 8 bytes is 0x110E8.
*/
if (data->payload_size < (2 * sizeof(uint16_t))) {
pr_err("%s: payload has invalid size[%d]\n", __func__,
data->payload_size);
return -EINVAL;

5
techpack/audio/dsp/q6lsm.c
View File

@ -1817,9 +1817,10 @@ static int q6lsm_mmapcallback(struct apr_client_data *data, void *priv)
/*
The payload_size can be either 4 or 8 bytes.
It has to be verified whether the payload_size is
atleast 4 bytes. If it is less, returns errorcode.
atleast 4 bytes. If it is less, returns errorcode.
The opcode for 4 bytes is 0x12A80
The opcode for 8 bytes is 0x110E8.
*/
if (data->payload_size < (2 * sizeof(uint16_t))) {
pr_err("%s: payload has invalid size[%d]\n", __func__,
data->payload_size);