mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-10 08:24:20 -05:00
52 lines
1.9 KiB
Diff
52 lines
1.9 KiB
Diff
|
From 97fdb441a9fb330a76245e473bc1a2155c809ebe Mon Sep 17 00:00:00 2001
|
||
|
From: Sharad Sangle <assangle@codeaurora.org>
|
||
|
Date: Tue, 13 Dec 2016 14:35:39 +0530
|
||
|
Subject: ASoC: msm: qdsp6v2: DAP: Add check to validate param length
|
||
|
|
||
|
To avoid buffer overflow, validate input length used to
|
||
|
fetch visualizer data.
|
||
|
|
||
|
CRs-fixed: 1096672
|
||
|
Change-Id: I224bc2f20d94182713c565972fb0bd52cad6f3fd
|
||
|
Signed-off-by: Sharad Sangle <assangle@codeaurora.org>
|
||
|
---
|
||
|
sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c | 11 ++++++++++-
|
||
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c b/sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c
|
||
|
index bb0f890..5866e46 100644
|
||
|
--- a/sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c
|
||
|
+++ b/sound/soc/msm/qdsp6v2/msm-dolby-dap-config.c
|
||
|
@@ -1,4 +1,4 @@
|
||
|
-/* Copyright (c) 2013-2014, The Linux Foundation. All rights reserved.
|
||
|
+/* Copyright (c) 2013-2014, 2016, The Linux Foundation. All rights reserved.
|
||
|
* This program is free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License version 2 and
|
||
|
* only version 2 as published by the Free Software Foundation.
|
||
|
@@ -18,6 +18,10 @@
|
||
|
|
||
|
#include "msm-dolby-dap-config.h"
|
||
|
|
||
|
+#ifndef DOLBY_PARAM_VCNB_MAX_LENGTH
|
||
|
+#define DOLBY_PARAM_VCNB_MAX_LENGTH 40
|
||
|
+#endif
|
||
|
+
|
||
|
/* dolby endp based parameters */
|
||
|
struct dolby_dap_endp_params_s {
|
||
|
int device;
|
||
|
@@ -896,6 +900,11 @@ int msm_dolby_dap_param_visualizer_control_get(struct snd_kcontrol *kcontrol,
|
||
|
uint32_t param_payload_len =
|
||
|
DOLBY_PARAM_PAYLOAD_SIZE * sizeof(uint32_t);
|
||
|
int port_id, copp_idx, idx;
|
||
|
+ if (length > DOLBY_PARAM_VCNB_MAX_LENGTH || length <= 0) {
|
||
|
+ pr_err("%s Incorrect VCNB length", __func__);
|
||
|
+ ucontrol->value.integer.value[0] = 0;
|
||
|
+ return -EINVAL;
|
||
|
+ }
|
||
|
for (idx = 0; idx < AFE_MAX_PORTS; idx++) {
|
||
|
port_id = dolby_dap_params_states.port_id[idx];
|
||
|
copp_idx = dolby_dap_params_states.copp_idx[idx];
|
||
|
--
|
||
|
cgit v1.1
|
||
|
|