mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
49 lines
1.7 KiB
Diff
49 lines
1.7 KiB
Diff
diff --git a/sound/soc/msm/qdsp6v2/q6adm.c b/sound/soc/msm/qdsp6v2/q6adm.c
|
|
index 08caf51..14565cc 100644
|
|
--- a/sound/soc/msm/qdsp6v2/q6adm.c
|
|
+++ b/sound/soc/msm/qdsp6v2/q6adm.c
|
|
@@ -508,9 +508,18 @@
|
|
rc = -EINVAL;
|
|
goto adm_get_param_return;
|
|
}
|
|
- if (params_data) {
|
|
+ if ((params_data) &&
|
|
+ (ARRAY_SIZE(adm_get_parameters) > 0) &&
|
|
+ (ARRAY_SIZE(adm_get_parameters) >= 1+adm_get_parameters[0]) &&
|
|
+ (params_length/sizeof(int) >= adm_get_parameters[0])) {
|
|
for (i = 0; i < adm_get_parameters[0]; i++)
|
|
params_data[i] = adm_get_parameters[1+i];
|
|
+ } else {
|
|
+ pr_err("%s: Get param data not copied! get_param array size %zd, index %d, params array size %zd, index %d\n",
|
|
+ __func__, ARRAY_SIZE(adm_get_parameters),
|
|
+ (1+adm_get_parameters[0]),
|
|
+ params_length/sizeof(int),
|
|
+ adm_get_parameters[0]);
|
|
}
|
|
rc = 0;
|
|
adm_get_param_return:
|
|
@@ -799,17 +808,18 @@
|
|
data->payload_size))
|
|
break;
|
|
|
|
- if (payload[0] == 0) {
|
|
- if (data->payload_size >
|
|
- (4 * sizeof(uint32_t))) {
|
|
- adm_get_parameters[0] = payload[3];
|
|
+ if ((payload[0] == 0) &&
|
|
+ (data->payload_size > (4 * sizeof(*payload))) &&
|
|
+ (data->payload_size/sizeof(*payload)-4 >= payload[3]) &&
|
|
+ (ARRAY_SIZE(adm_get_parameters) > 0) &&
|
|
+ (ARRAY_SIZE(adm_get_parameters)-1 >= payload[3])) {
|
|
+ adm_get_parameters[0] = payload[3];
|
|
pr_debug("GET_PP PARAM:received parameter length: 0x%x\n",
|
|
adm_get_parameters[0]);
|
|
/* storing param size then params */
|
|
for (i = 0; i < payload[3]; i++)
|
|
adm_get_parameters[1+i] =
|
|
payload[4+i];
|
|
- }
|
|
} else {
|
|
adm_get_parameters[0] = -1;
|
|
pr_err("%s: GET_PP_PARAMS failed, setting size to %d\n",
|