Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-10-31 18:09:19 +00:00
Code Issues Projects Releases Wiki Activity

ASoC: msm: qdsp6v2: DAP: Add check to validate param length

Browse source 
To avoid buffer overflow, validate input length used to
fetch visualizer data.

CRs-fixed: 1096672
Change-Id: I224bc2f20d94182713c565972fb0bd52cad6f3fd
Signed-off-by: Sharad Sangle <assangle@codeaurora.org>
This commit is contained in:
Sharad Sangle 2016-12-13 14:35:39 +05:30 committed by Gerrit - the friendly Code Review server
parent 5ca13723b1
commit 6b7ecac777
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c
View file

@ -1,4 +1,4 @@
/* Copyright (c) 2013-2014, The Linux Foundation. All rights reserved.
/* Copyright (c) 2013-2014, 2016, The Linux Foundation. All rights reserved.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
* only version 2 as published by the Free Software Foundation.
@ -18,6 +18,10 @@
#include "msm-dolby-dap-config.h"
#ifndef DOLBY_PARAM_VCNB_MAX_LENGTH
#define DOLBY_PARAM_VCNB_MAX_LENGTH 40
#endif
/* dolby endp based parameters */
struct dolby_dap_endp_params_s {
int device;
@ -896,6 +900,11 @@ int msm_dolby_dap_param_visualizer_control_get(struct snd_kcontrol *kcontrol,
uint32_t param_payload_len =
DOLBY_PARAM_PAYLOAD_SIZE * sizeof(uint32_t);
int port_id, copp_idx, idx;
if (length > DOLBY_PARAM_VCNB_MAX_LENGTH || length <= 0) {
pr_err("%s Incorrect VCNB length", __func__);
ucontrol->value.integer.value[0] = 0;
return -EINVAL;
}
for (idx = 0; idx < AFE_MAX_PORTS; idx++) {
port_id = dolby_dap_params_states.port_id[idx];
copp_idx = dolby_dap_params_states.copp_idx[idx];