mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
33 lines
1.0 KiB
Diff
33 lines
1.0 KiB
Diff
From 76fb3e419e2b149292c3adf1e9171e2b542831bf Mon Sep 17 00:00:00 2001
|
|
From: Ben Romberger <bromberg@codeaurora.org>
|
|
Date: Wed, 8 May 2013 12:46:26 -0700
|
|
Subject: msm: audio: qdsp6v2: Add size safety check to ACDB driver
|
|
|
|
Check that the size sent by userspace is not larger
|
|
then the internal amount allowed. This protects
|
|
against overflowing the stack due to an invalid size.
|
|
|
|
Change-Id: I8230fdb00a7b57d398929e8ab0eb6587476f3db1
|
|
CRs-fixed: 470222
|
|
Signed-off-by: Ben Romberger <bromberg@codeaurora.org>
|
|
---
|
|
arch/arm/mach-msm/qdsp6v2/audio_acdb.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/arch/arm/mach-msm/qdsp6v2/audio_acdb.c b/arch/arm/mach-msm/qdsp6v2/audio_acdb.c
|
|
index 8efd808..aad14be 100644
|
|
--- a/arch/arm/mach-msm/qdsp6v2/audio_acdb.c
|
|
+++ b/arch/arm/mach-msm/qdsp6v2/audio_acdb.c
|
|
@@ -770,7 +770,7 @@ static long acdb_ioctl(struct file *f,
|
|
goto done;
|
|
}
|
|
|
|
- if (size <= 0) {
|
|
+ if ((size <= 0) || (size > sizeof(data))) {
|
|
pr_err("%s: Invalid size sent to driver: %d\n",
|
|
__func__, size);
|
|
result = -EFAULT;
|
|
--
|
|
cgit v1.1
|
|
|