Added check for bandpassfilter order in order to avoid
coeff len going out of bounds thereby leading to
memory overflow issues.
Change-Id: I401f5f38a3d54d9d6af66e770d03629ed5e1a2bd
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
There is no check for the ADSP returned payload size
for ASM_SESSION_CMD_GET_MTMX_STRTR_PARAMS_V2 cmd response.
This can lead to buffer overread. Fix is to address this.
Change-Id: I0bd6ee7f19823addc5dde1dfbb32b8a9b102a725
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Due to uninitialised variables used in q6voice
and q6usm drivers, there is a possibility of stack
information leak whenever lesser size data is copied.
Fix is to address this.
Change-Id: I6888b468ce50114be3139111ccf4696827540cfd
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
The global declared mmap_handle can be left dangling
for case when the handle is freed by the calling function.
Fix is to address this. Also add a check to make sure
the mmap_handle is accessed legally.
Change-Id: I367f8a41339aa0025b545b125ee820220efedeee
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Added check for fbsp state in get_calib_data functions
to avoid OOB read issues.
Change-Id: I6e818892a6b76497aa41241db3849802f394160a
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Updated get_param_payload buffer ptr to NULL
after free to avoid use after free issue.
Change-Id: I86da8c12a0bdccce690f67b037198b67640e339b
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Add check for AVCS_CMD_RSP_LOAD_MODULE response payload
to avoid its access after free.
Change-Id: I3023e6676a27fe33d2cc0f44a49813f0ed0ebe3b
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
check for the proper param size before copying,
to avoid OOB memory access of buffer.
Change-Id: I8e9bd3b4be9a2797e76dce403578c038fc07dd58
Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
Fix is to add check for this ADSP returned buf offset + size,
if it is within the available buf size range
Change-Id: I400cc4f5c07164f0a9b405ebea144ea0ae4b6cf2
Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
Add support to remove unnecessary TDM route where TDM is not need.
Change-Id: I56aee33cbb9ecbc190fc24bfa14a071263661292
Signed-off-by: Boyuan Yan <quic_boyuyan@quicinc.com>
There is no check for voip pkt pkt_len,if it contains the
min required data. This can lead to integer underflow.
Add check for the same.
Change-Id: I40242429542b6c32a0e6c3bbe03975c244c2f61a
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Bus reset is creating mismatch in interrupt generation sequence
and leading to audio playback mute.
Disabling bus reset for soundwire master version 1.5
Change-Id: I1d41a8d11d1f86c8a538f0b8d234bb6d001268ad
Signed-off-by: Vijay Kumar Maddula <quic_vmaddula@quicinc.com>
Payload size is not checked before payload access for AVCS.
Check size to avoid out-of-boundary memory access.
Change-Id: I6de3342617bd4f3fb8849ad2230dd57c07469372
Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
check for the proper param size before copying,
to avoid buffer overflow.
Change-Id: I70c52e6ab76f528ea3714784ab9013b070839c40
Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
Avoid OOB access of sidetone iir config array when
iir_num_biquad_stages returned from cal block is > 10
Change-Id: I45b95e8bdd1a993a526590c94cf2f9a85c12af37
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
Add buf len check for the playback data before copy
to avoid OOB issues.
Change-Id: I737d09e275463292365cd183b9a43d09ff9ccbf2
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
There is no check for voip pkt pkt_len,if it contains the
min required data. This can lead to integer underflow.
Add check for the same.
Change-Id: I40242429542b6c32a0e6c3bbe03975c244c2f61a
Signed-off-by: Soumya Managoli <quic_c_smanag@quicinc.com>
check for the proper param size before copying,
to avoid buffer overflow.
Change-Id: I70c52e6ab76f528ea3714784ab9013b070839c40
Signed-off-by: Shalini Manjunatha <quic_c_shalma@quicinc.com>
