ASoC: msm-pcm-host-voice: Address buffer overflow in hpcm playback copy

Add buf len check for the playback data before copy
to avoid OOB issues.

Change-Id: I737d09e275463292365cd183b9a43d09ff9ccbf2
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>

asoc/msm-pcm-host-voice-v2.c

@@ -663,6 +663,13 @@ static void hpcm_copy_playback_data_from_queue(struct dai_data *dai_data,
 				struct hpcm_buf_node, list);
 		list_del(&buf_node->list);
 		*len = buf_node->frame.len;
+
+		if (*len > HPCM_MAX_VOC_PKT_SIZE) {
+			pr_err("%s: Playback data len %d overflow\n",
+				__func__, *len);
+			return;
+		}
+
 		memcpy((u8 *)dai_data->vocpcm_ion_buffer.kvaddr,
 		       &buf_node->frame.voc_pkt[0],
 		       buf_node->frame.len);
@@ -690,8 +697,8 @@ static void hpcm_copy_capture_data_to_queue(struct dai_data *dai_data,
 	if (dai_data->substream == NULL)
 		return;
 
-	if (len >= HPCM_MAX_VOC_PKT_SIZE) {
-		pr_err("%s: Copy capture data len %d is > HPCM_MAX_VOC_PKT_SIZE\n",
+	if (len > HPCM_MAX_VOC_PKT_SIZE) {
+		pr_err("%s: Copy capture data len %d overflow\n",
 			__func__, len);
 		return;
 	}