dsp: q6voice: Add buf size check for cvs cal data

Check for the max size of cvs command register calibration data that can be copied else will result in buffer overflow. Bug: 295052588 Change-Id: I60ef7a39d97505b493b53466189237a03e1cf3c1 Signed-off-by: Bubble Fang <bubblefang@google.com>
author: Bubble Fang <bubblefang@google.com> 2023-09-04 07:12:48 +0000
committer: Bubble Fang <bubblefang@google.com> 2023-09-26 06:42:32 +0000
commit: 8cdf963f32d94ab0c1adb91a89fd235b57caa78c (patch)
tree: 1f49cbd0b010d86b90d5dec4ab62abc1ba6ccb63
parent: 98361d9521fe61bd7b47256c5cb860f02ad1162e (diff)
download: msm-extra-8cdf963f32d94ab0c1adb91a89fd235b57caa78c.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/dsp/q6voice.c b/dsp/q6voice.c
index 472ad7b2..f433c63e 100644
--- a/dsp/q6voice.c
+++ b/dsp/q6voice.c
@@ -2759,6 +2759,13 @@ static int voice_send_cvs_register_cal_cmd(struct voice_data *v)
 		goto unlock;
 	}
 
+	if (col_data->cal_data.size >= MAX_COL_INFO_SIZE) {
+		pr_err("%s: Invalid cal data size %d!\n",
+			__func__, col_data->cal_data.size);
+		ret = -EINVAL;
+		goto unlock;
+	}
+
 	memcpy(&cvs_reg_cal_cmd.cvs_cal_data.column_info[0],
 	       (void *) &((struct audio_cal_info_voc_col *)
 	       col_data->cal_info)->data,
author	Bubble Fang <bubblefang@google.com>	2023-09-04 07:12:48 +0000
committer	Bubble Fang <bubblefang@google.com>	2023-09-26 06:42:32 +0000
commit	8cdf963f32d94ab0c1adb91a89fd235b57caa78c (patch)
tree	1f49cbd0b010d86b90d5dec4ab62abc1ba6ccb63
parent	98361d9521fe61bd7b47256c5cb860f02ad1162e (diff)
download	msm-extra-8cdf963f32d94ab0c1adb91a89fd235b57caa78c.tar.gz