dsp: asm: validate payload size before access
Payload size is not checked before payload access. Check size to avoid out-of-boundary memory access. Change-Id: I1bd8281ad263b8c0102335504a740312755b8d15 Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
This commit is contained in:
parent
98fd7ebdbc
commit
b7599b3751
10
dsp/q6asm.c
10
dsp/q6asm.c
@ -1,6 +1,7 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
* Author: Brian Swetland <swetland@google.com>
|
||||
*
|
||||
* This software is licensed under the terms of the GNU General Public
|
||||
@ -2434,6 +2435,15 @@ static int32_t q6asm_callback(struct apr_client_data *data, void *priv)
|
||||
|
||||
config_debug_fs_read_cb();
|
||||
|
||||
if (data->payload_size != (READDONE_IDX_SEQ_ID + 1) * sizeof(uint32_t)) {
|
||||
pr_err("%s: payload size of %d is less than expected %d.\n",
|
||||
__func__, data->payload_size,
|
||||
((READDONE_IDX_SEQ_ID + 1) * sizeof(uint32_t)));
|
||||
spin_unlock_irqrestore(
|
||||
&(session[session_id].session_lock),
|
||||
flags);
|
||||
return -EINVAL;
|
||||
}
|
||||
dev_vdbg(ac->dev, "%s: ReadDone: status=%d buff_add=0x%x act_size=%d offset=%d\n",
|
||||
__func__, payload[READDONE_IDX_STATUS],
|
||||
payload[READDONE_IDX_BUFADD_LSW],
|
||||
|
Loading…
Reference in New Issue
Block a user