DivestOS/Patches/Linux_CVEs/CVE-2016-10231/ANY/1.patch

39 lines
1.2 KiB
Diff
Raw Normal View History

From 597b1ae4e29ecbc40dc21ea3646f5ee1ee61932e Mon Sep 17 00:00:00 2001
From: Karthikeyan Mani <kmani@codeaurora.org>
Date: Wed, 7 Dec 2016 18:19:31 -0800
Subject: ASoC: wcd9320: Fix out of bounds for mad input value
Add check in taiko_mad_input_put function to
return error on out of bounds access using
mad input value
CRs-fixed: 1096799
Change-Id: I75ce9e881cf05a50e874a555b2f8bd3286cdaed4
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
---
sound/soc/codecs/wcd9320.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sound/soc/codecs/wcd9320.c b/sound/soc/codecs/wcd9320.c
index 697a1b6..ee4af87 100644
--- a/sound/soc/codecs/wcd9320.c
+++ b/sound/soc/codecs/wcd9320.c
@@ -1204,6 +1204,14 @@ static int taiko_mad_input_put(struct snd_kcontrol *kcontrol,
taiko_mad_input = ucontrol->value.integer.value[0];
+ if (taiko_mad_input >= ARRAY_SIZE(taiko_conn_mad_text)) {
+ dev_err(codec->dev,
+ "%s: taiko_mad_input = %d out of bounds\n",
+ __func__, taiko_mad_input);
+ return -EINVAL;
+ }
+
+
micb_4_int_reg = taiko->resmgr.reg_addr->micb_4_int_rbias;
pr_debug("%s: taiko_mad_input = %s\n", __func__,
taiko_conn_mad_text[taiko_mad_input]);
--
cgit v1.1