mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
33 lines
1.0 KiB
Diff
33 lines
1.0 KiB
Diff
From b44d5f71da7d2c44a7575376c582f9f1cde1cf6d Mon Sep 17 00:00:00 2001
|
|
From: Ben Romberger <bromberg@codeaurora.org>
|
|
Date: Wed, 3 Apr 2013 16:20:18 -0700
|
|
Subject: ASoC: msm: Add size safety check to ACDB driver
|
|
|
|
Check that the size sent by userspace is not larger
|
|
then the internal amount allowed. This protects
|
|
against overflowing the stack due to an invalid size.
|
|
|
|
Change-Id: I4a5b5ca5212bea32b671027d68a66367c5d4c4e7
|
|
CRs-fixed: 470222
|
|
Signed-off-by: Ben Romberger <bromberg@codeaurora.org>
|
|
---
|
|
sound/soc/msm/qdsp6v2/audio_acdb.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/sound/soc/msm/qdsp6v2/audio_acdb.c b/sound/soc/msm/qdsp6v2/audio_acdb.c
|
|
index 16d6e81c..b2a469b 100644
|
|
--- a/sound/soc/msm/qdsp6v2/audio_acdb.c
|
|
+++ b/sound/soc/msm/qdsp6v2/audio_acdb.c
|
|
@@ -1064,7 +1064,7 @@ static long acdb_ioctl(struct file *f,
|
|
goto done;
|
|
}
|
|
|
|
- if (size <= 0) {
|
|
+ if ((size <= 0) || (size > sizeof(data))) {
|
|
pr_err("%s: Invalid size sent to driver: %d\n",
|
|
__func__, size);
|
|
result = -EFAULT;
|
|
--
|
|
cgit v1.1
|
|
|