DivestOS/Patches/Linux_CVEs/CVE-2017-0744/ANY/0001.patch

31 lines
992 B
Diff
Raw Normal View History

2017-10-29 22:14:37 -04:00
diff --git a/sound/soc/tegra/tegra30_avp.c b/sound/soc/tegra/tegra30_avp.c
index 1a8c304..ef0616f 100644
--- a/sound/soc/tegra/tegra30_avp.c
+++ b/sound/soc/tegra/tegra30_avp.c
@@ -276,7 +276,7 @@
struct audio_engine_data *audio_engine;
const struct firmware *ucode_fw;
const struct tegra30_avp_ucode_desc *ucode_desc;
- int ucode_size = 0, ucode_offset = 0, total_ucode_size = 0;
+ ssize_t ucode_size = 0, ucode_offset = 0, total_ucode_size = 0;
int i, ret = 0;
dev_vdbg(audio_avp->dev, "%s", __func__);
@@ -316,13 +316,14 @@
}
ucode_size = ucode_fw->size;
- if (ucode_size <= 0) {
+ if (ucode_size <= 0 ||
+ ucode_size > avp_ucode_desc[i].max_mem_size) {
dev_err(audio_avp->dev, "Invalid ucode size.");
ret = -EINVAL;
release_firmware(ucode_fw);
goto err_param_mem_free;
}
- dev_vdbg(audio_avp->dev, "%s ucode size = %d bytes",
+ dev_vdbg(audio_avp->dev, "%s ucode size = %zd bytes",
ucode_desc->bin_name, ucode_size);
/* Read ucode */