dsp: Add check for negative value size
There is a possibility where an access to /dev/msm_audio_cal from third party could pass negative size which would lead to crash. Avoid this by negative value size check. Change-Id: Id36c5f10dccbd7d0ee85aa3310badec6815237a2 Signed-off-by: Sujin Panicker <quic_spanic@quicinc.com>
This commit is contained in:
parent
819940c283
commit
2bd17f3f0d
@ -1,6 +1,7 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (c) 2014, 2016-2017, 2020-2021, The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2023, Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
*/
|
||||
#include <linux/slab.h>
|
||||
#include <linux/fs.h>
|
||||
@ -416,7 +417,7 @@ static long audio_cal_shared_ioctl(struct file *file, unsigned int cmd,
|
||||
pr_err("%s: Could not copy size value from user\n", __func__);
|
||||
ret = -EFAULT;
|
||||
goto done;
|
||||
} else if ((size < sizeof(struct audio_cal_basic))
|
||||
} else if ((size < 0) || (size < sizeof(struct audio_cal_basic))
|
||||
|| (size > MAX_IOCTL_CMD_SIZE)) {
|
||||
pr_err("%s: Invalid size sent to driver: %d, max size is %d, min size is %zd\n",
|
||||
__func__, size, MAX_IOCTL_CMD_SIZE,
|
||||
|
Loading…
Reference in New Issue
Block a user