DivestOS/Patches/Linux_CVEs-New/CVE-2017-8254/ANY/0.patch

From 70afce1d9be745005c48fd565c01ce452a565e7e Mon Sep 17 00:00:00 2001
From: Aravind Kumar <akumark@codeaurora.org>
Date: Mon, 11 May 2015 15:26:27 +0530
Subject: ASoC: msm: qdsp6v2: check audio client pointer before accessing

In the registered callback for q6asm, we are checking if
the audio client pointer is valid and also, dereferencing it
to get the session ID even though it could be invalid or expired.
Return and exit immediately if the audio client pointer is
invalid.

CRs-Fixed: 832914
Change-Id: I96b722b584a4b5adf8a33891abd75a320e76ea25
Signed-off-by: Aravind Kumar <akumark@codeaurora.org>
---
 sound/soc/msm/qdsp6v2/q6asm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index 9a1e0e7..f6a5cb0 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1451,8 +1451,13 @@ static int32_t q6asm_callback(struct apr_client_data *data, void *priv)
 		pr_err("%s: data NULL\n", __func__);
 		return -EINVAL;
 	}
-	if (ac->session <= 0 || ac->session > 8 ||
-		!q6asm_is_valid_audio_client(ac)) {
+	if (!q6asm_is_valid_audio_client(ac)) {
+		pr_err("%s: audio client pointer is invalid, ac = %p\n",
+				__func__, ac);
+		return -EINVAL;
+	}
+
+	if (ac->session <= 0 || ac->session > 8) {
 		pr_err("%s: Session ID is invalid, session = %d\n", __func__,
 			ac->session);
 		return -EINVAL;
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From 70afce1d9be745005c48fd565c01ce452a565e7e Mon Sep 17 00:00:00 2001`
			`From: Aravind Kumar <akumark@codeaurora.org>`
			`Date: Mon, 11 May 2015 15:26:27 +0530`
			`Subject: ASoC: msm: qdsp6v2: check audio client pointer before accessing`

			`In the registered callback for q6asm, we are checking if`
			`the audio client pointer is valid and also, dereferencing it`
			`to get the session ID even though it could be invalid or expired.`
			`Return and exit immediately if the audio client pointer is`
			`invalid.`

			`CRs-Fixed: 832914`
			`Change-Id: I96b722b584a4b5adf8a33891abd75a320e76ea25`
			`Signed-off-by: Aravind Kumar <akumark@codeaurora.org>`
			`---`
			`sound/soc/msm/qdsp6v2/q6asm.c \| 9 +++++++--`
			`1 file changed, 7 insertions(+), 2 deletions(-)`

			`diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c`
			`index 9a1e0e7..f6a5cb0 100644`
			`--- a/sound/soc/msm/qdsp6v2/q6asm.c`
			`+++ b/sound/soc/msm/qdsp6v2/q6asm.c`
			`@@ -1451,8 +1451,13 @@ static int32_t q6asm_callback(struct apr_client_data data, void priv)`
			`pr_err("%s: data NULL\n", __func__);`
			`return -EINVAL;`
			`}`
			`- if (ac->session <= 0 \|\| ac->session > 8 \|\|`
			`- !q6asm_is_valid_audio_client(ac)) {`
			`+ if (!q6asm_is_valid_audio_client(ac)) {`
			`+ pr_err("%s: audio client pointer is invalid, ac = %p\n",`
			`+ __func__, ac);`
			`+ return -EINVAL;`
			`+ }`
			`+`
			`+ if (ac->session <= 0 \|\| ac->session > 8) {`
			`pr_err("%s: Session ID is invalid, session = %d\n", __func__,`
			`ac->session);`
			`return -EINVAL;`
			`--`
			`cgit v1.1`