DivestOS/Patches/Linux_CVEs/CVE-2016-5858/ANY/1.patch

38 lines
1.2 KiB
Diff
Raw Normal View History

From afc5bea71bc8f251dad1104568383019f4923af6 Mon Sep 17 00:00:00 2001
From: Karthikeyan Mani <kmani@codeaurora.org>
Date: Wed, 14 Dec 2016 11:33:18 -0800
Subject: ASoC: wcd9330: Fix out of bounds for mad input value
Add check in tomtom_mad_input_put function to
return error on out of bounds access using
mad input value
CRs-fixed: 1096799
Change-Id: I16f8627b29c7b14a8dc0433b21aa21bf96e98905
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
---
sound/soc/codecs/wcd9330.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/codecs/wcd9330.c b/sound/soc/codecs/wcd9330.c
index 22f3f85..7fb1096 100644
--- a/sound/soc/codecs/wcd9330.c
+++ b/sound/soc/codecs/wcd9330.c
@@ -1377,6 +1377,13 @@ static int tomtom_mad_input_put(struct snd_kcontrol *kcontrol,
tomtom_mad_input = ucontrol->value.integer.value[0];
micb_4_int_reg = tomtom->resmgr.reg_addr->micb_4_int_rbias;
+ if (tomtom_mad_input >= ARRAY_SIZE(tomtom_conn_mad_text)) {
+ dev_err(codec->dev,
+ "%s: tomtom_mad_input = %d out of bounds\n",
+ __func__, tomtom_mad_input);
+ return -EINVAL;
+ }
+
pr_debug("%s: tomtom_mad_input = %s\n", __func__,
tomtom_conn_mad_text[tomtom_mad_input]);
--
cgit v1.1