DivestOS/Patches/Linux_CVEs/CVE-2016-5858/ANY/0003.patch
2017-11-07 17:32:46 -05:00

38 lines
1.2 KiB
Diff

From 3bfe5a89916f7d29492e9f6d941d108b688cb804 Mon Sep 17 00:00:00 2001
From: Karthikeyan Mani <kmani@codeaurora.org>
Date: Wed, 14 Dec 2016 11:46:35 -0800
Subject: ASoC: wcd9335: Fix out of bounds for mad input value
Add check in tasha_mad_input_put function to
return error on out of bounds access using
mad input value.
CRs-fixed: 1096799
Change-Id: Iddaa3fef362f7cb1919aa3bd8dd4b83133fe7c97
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
---
sound/soc/codecs/wcd9335.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
index c94623c..1f97326 100644
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -7575,6 +7575,13 @@ static int tasha_mad_input_put(struct snd_kcontrol *kcontrol,
tasha_mad_input = ucontrol->value.integer.value[0];
+ if (tasha_mad_input >= ARRAY_SIZE(tasha_conn_mad_text)) {
+ dev_err(codec->dev,
+ "%s: tasha_mad_input = %d out of bounds\n",
+ __func__, tasha_mad_input);
+ return -EINVAL;
+ }
+
if (!strcmp(tasha_conn_mad_text[tasha_mad_input], "NOTUSED1") ||
!strcmp(tasha_conn_mad_text[tasha_mad_input], "NOTUSED2") ||
!strcmp(tasha_conn_mad_text[tasha_mad_input], "NOTUSED3") ||
--
cgit v1.1