From fd6890b6c55c2ced15b7165cc658eb83dafc7eb1 Mon Sep 17 00:00:00 2001
From: Aravind Kumar <akumark@codeaurora.org>
Date: Mon, 11 May 2015 15:26:27 +0530
Subject: [PATCH] ASoC: msm: qdsp6v2: check audio client pointer before accessing

In the registered callback for q6asm, we are checking if
the audio client pointer is valid and also, dereferencing it
to get the session ID even though it could be invalid or expired.
Return and exit immediately if the audio client pointer is
invalid.

Bug: 36252027
CRs-Fixed: 832914
Change-Id: I96b722b584a4b5adf8a33891abd75a320e76ea25
Signed-off-by: Aravind Kumar <akumark@codeaurora.org>
Signed-off-by: Siqi Lin <siqilin@google.com>
---

diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index 4f486b1..20e2cef 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -915,8 +915,13 @@
 		pr_err("ac or priv NULL\n");
 		return -EINVAL;
 	}
-	if (ac->session <= 0 || ac->session > 8 ||
-		!q6asm_is_valid_audio_client(ac)) {
+	if (!q6asm_is_valid_audio_client(ac)) {
+		pr_err("%s: audio client pointer is invalid, ac = %p\n",
+				__func__, ac);
+		return -EINVAL;
+	}
+
+	if (ac->session <= 0 || ac->session > 8) {
 		pr_err("%s:Session ID is invalid, session = %d\n", __func__,
 			ac->session);
 		return -EINVAL;