dsp: Address information leak in dsp drivers
Due to uninitialised variables used in q6voice and q6usm drivers, there is a possibility of stack information leak whenever lesser size data is copied. Fix is to address this. Change-Id: I6888b468ce50114be3139111ccf4696827540cfd Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
This commit is contained in:
parent
5423d9ef23
commit
56fd62a423
@ -1,6 +1,7 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2023, Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
*/
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/wait.h>
|
||||
@ -898,6 +899,7 @@ int q6usm_enc_cfg_blk(struct us_client *usc, struct us_encdec_cfg *us_cfg)
|
||||
sizeof(struct usm_cfg_common));
|
||||
|
||||
/* Transparent data copy */
|
||||
memset(enc_cfg->enc_blk.transp_data, 0, sizeof (enc_cfg->enc_blk.transp_data));
|
||||
memcpy(enc_cfg->enc_blk.transp_data, us_cfg->params,
|
||||
us_cfg->params_size);
|
||||
pr_debug("%s: cfg_size[%d], params_size[%d]\n",
|
||||
|
@ -1164,6 +1164,10 @@ static int voice_create_mvm_cvs_session(struct voice_data *v)
|
||||
common.mvs_info.media_type;
|
||||
cvs_full_ctl_cmd.cvs_session.network_id =
|
||||
common.mvs_info.network_type;
|
||||
|
||||
memset(cvs_full_ctl_cmd.cvs_session.name, 0,
|
||||
sizeof(cvs_full_ctl_cmd.cvs_session.name));
|
||||
|
||||
strlcpy(cvs_full_ctl_cmd.cvs_session.name,
|
||||
"default q6 voice",
|
||||
strlen("default q6 voice")+1);
|
||||
@ -3079,6 +3083,9 @@ static int voice_send_cvp_create_cmd(struct voice_data *v)
|
||||
VSS_IVOCPROC_PORT_ID_NONE;
|
||||
}
|
||||
|
||||
memset(cvp_session_cmd.cvp_session.name, 0,
|
||||
sizeof(cvp_session_cmd.cvp_session.name));
|
||||
|
||||
pr_debug("tx_topology: %d tx_port_id=%d, rx_port_id=%d, mode: 0x%x\n",
|
||||
cvp_session_cmd.cvp_session.tx_topology_id,
|
||||
cvp_session_cmd.cvp_session.tx_port_id,
|
||||
|
Loading…
Reference in New Issue
Block a user