DivestOS/Patches/Linux_CVEs/CVE-2017-8254/ANY/0003.patch

42 lines
1.4 KiB
Diff
Raw Normal View History

From 70afce1d9be745005c48fd565c01ce452a565e7e Mon Sep 17 00:00:00 2001
From: Aravind Kumar <akumark@codeaurora.org>
Date: Mon, 11 May 2015 15:26:27 +0530
Subject: ASoC: msm: qdsp6v2: check audio client pointer before accessing
In the registered callback for q6asm, we are checking if
the audio client pointer is valid and also, dereferencing it
to get the session ID even though it could be invalid or expired.
Return and exit immediately if the audio client pointer is
invalid.
CRs-Fixed: 832914
Change-Id: I96b722b584a4b5adf8a33891abd75a320e76ea25
Signed-off-by: Aravind Kumar <akumark@codeaurora.org>
---
sound/soc/msm/qdsp6v2/q6asm.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index 9a1e0e7..f6a5cb0 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1451,8 +1451,13 @@ static int32_t q6asm_callback(struct apr_client_data *data, void *priv)
pr_err("%s: data NULL\n", __func__);
return -EINVAL;
}
- if (ac->session <= 0 || ac->session > 8 ||
- !q6asm_is_valid_audio_client(ac)) {
+ if (!q6asm_is_valid_audio_client(ac)) {
+ pr_err("%s: audio client pointer is invalid, ac = %p\n",
+ __func__, ac);
+ return -EINVAL;
+ }
+
+ if (ac->session <= 0 || ac->session > 8) {
pr_err("%s: Session ID is invalid, session = %d\n", __func__,
ac->session);
return -EINVAL;
--
cgit v1.1