lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lsm: fix potential Null pointer dereference

Browse Source 
Pointer "ptr_info_v2" in function msm_lsm_ioctl may be
dereferenced when it's Null. Add a local structure
"info_v2" to avoid this potential Null pointer dereference.

Change-Id: Iabf5c3b1017b4a44b924c80e4d8e6f2c3d2d5f57
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
This commit is contained in:
Xiaoyu Ye 2020-06-17 19:42:54 -07:00
parent 06ed8063cd
commit ba1abdc202
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
asoc/msm-lsm-client.c
View File

@ -2404,10 +2404,13 @@ static int msm_lsm_ioctl(struct snd_pcm_substream *substream,
case SNDRV_LSM_SET_MODULE_PARAMS_V2: {
struct snd_lsm_module_params p_data;
struct lsm_params_info *temp_ptr_info = NULL;
struct lsm_params_info_v2 info_v2;
struct lsm_params_info_v2 *ptr_info_v2 = NULL, *temp_ptr_info_v2 = NULL;
size_t p_size = 0, count;
u8 *params;
memset(&info_v2, 0, sizeof(info_v2));
if (!prtd->lsm_client->use_topology) {
dev_err(rtd->dev,
"%s: %s: not supported if not using topology\n",
@ -2472,16 +2475,17 @@ static int msm_lsm_ioctl(struct snd_pcm_substream *substream,
for (count = 0; count < p_data.num_params; count++) {
if (cmd == SNDRV_LSM_SET_MODULE_PARAMS) {
/* convert to V2 param info struct from legacy param info */
ptr_info_v2->module_id = temp_ptr_info->module_id;
ptr_info_v2->param_id = temp_ptr_info->param_id;
ptr_info_v2->param_size = temp_ptr_info->param_size;
ptr_info_v2->param_data = temp_ptr_info->param_data;
ptr_info_v2->param_type = temp_ptr_info->param_type;
info_v2.module_id = temp_ptr_info->module_id;
info_v2.param_id = temp_ptr_info->param_id;
info_v2.param_size = temp_ptr_info->param_size;
info_v2.param_data = temp_ptr_info->param_data;
info_v2.param_type = temp_ptr_info->param_type;
ptr_info_v2->instance_id = INSTANCE_ID_0;
ptr_info_v2->stage_idx = LSM_STAGE_INDEX_FIRST;
ptr_info_v2->model_id = 0;
info_v2.instance_id = INSTANCE_ID_0;
info_v2.stage_idx = LSM_STAGE_INDEX_FIRST;
info_v2.model_id = 0;
ptr_info_v2 = &info_v2;
temp_ptr_info++;
} else {
if (LSM_REG_MULTI_SND_MODEL != temp_ptr_info_v2->param_type ||