diff --git a/sound/soc/msm/qdsp6v2/q6adm.c b/sound/soc/msm/qdsp6v2/q6adm.c
index 08caf51..14565cc 100644
--- a/sound/soc/msm/qdsp6v2/q6adm.c
+++ b/sound/soc/msm/qdsp6v2/q6adm.c
@@ -508,9 +508,18 @@
 		rc = -EINVAL;
 		goto adm_get_param_return;
 	}
-	if (params_data) {
+	if ((params_data) &&
+	    (ARRAY_SIZE(adm_get_parameters) > 0) &&
+	    (ARRAY_SIZE(adm_get_parameters) >= 1+adm_get_parameters[0]) &&
+	    (params_length/sizeof(int) >= adm_get_parameters[0])) {
 		for (i = 0; i < adm_get_parameters[0]; i++)
 			params_data[i] = adm_get_parameters[1+i];
+	} else {
+		pr_err("%s: Get param data not copied! get_param array size %zd, index %d, params array size %zd, index %d\n",
+		__func__, ARRAY_SIZE(adm_get_parameters),
+		(1+adm_get_parameters[0]),
+		params_length/sizeof(int),
+		adm_get_parameters[0]);
 	}
 	rc = 0;
 adm_get_param_return:
@@ -799,17 +808,18 @@
 					data->payload_size))
 				break;
 
-			if (payload[0] == 0) {
-				if (data->payload_size >
-				    (4 * sizeof(uint32_t))) {
-					adm_get_parameters[0] = payload[3];
+			if ((payload[0] == 0) &&
+			    (data->payload_size > (4 * sizeof(*payload))) &&
+			    (data->payload_size/sizeof(*payload)-4 >= payload[3]) &&
+			    (ARRAY_SIZE(adm_get_parameters) > 0) &&
+			    (ARRAY_SIZE(adm_get_parameters)-1 >= payload[3])) {
+			                adm_get_parameters[0] = payload[3];
 					pr_debug("GET_PP PARAM:received parameter length: 0x%x\n",
 						adm_get_parameters[0]);
 					/* storing param size then params */
 					for (i = 0; i < payload[3]; i++)
 						adm_get_parameters[1+i] =
 								payload[4+i];
-				}
 			} else {
 				adm_get_parameters[0] = -1;
 				pr_err("%s: GET_PP_PARAMS failed, setting size to %d\n",