diff options
author | Bubble Fang <bubblefang@google.com> | 2023-09-04 07:12:48 +0000 |
---|---|---|
committer | Bubble Fang <bubblefang@google.com> | 2023-09-26 06:42:32 +0000 |
commit | 8cdf963f32d94ab0c1adb91a89fd235b57caa78c (patch) | |
tree | 1f49cbd0b010d86b90d5dec4ab62abc1ba6ccb63 | |
parent | 98361d9521fe61bd7b47256c5cb860f02ad1162e (diff) | |
download | msm-extra-8cdf963f32d94ab0c1adb91a89fd235b57caa78c.tar.gz |
dsp: q6voice: Add buf size check for cvs cal data
Check for the max size of cvs command register
calibration data that can be copied else will
result in buffer overflow.
Bug: 295052588
Change-Id: I60ef7a39d97505b493b53466189237a03e1cf3c1
Signed-off-by: Bubble Fang <bubblefang@google.com>
-rw-r--r-- | dsp/q6voice.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/dsp/q6voice.c b/dsp/q6voice.c index 472ad7b2..f433c63e 100644 --- a/dsp/q6voice.c +++ b/dsp/q6voice.c @@ -2759,6 +2759,13 @@ static int voice_send_cvs_register_cal_cmd(struct voice_data *v) goto unlock; } + if (col_data->cal_data.size >= MAX_COL_INFO_SIZE) { + pr_err("%s: Invalid cal data size %d!\n", + __func__, col_data->cal_data.size); + ret = -EINVAL; + goto unlock; + } + memcpy(&cvs_reg_cal_cmd.cvs_cal_data.column_info[0], (void *) &((struct audio_cal_info_voc_col *) col_data->cal_info)->data, |