diff options
| author | Cong Tang <congt@codeaurora.org> | 2018-03-20 13:39:59 +0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-03-21 19:49:22 -0700 |
| commit | a1d5bb92977921fc5509ab9b1502e9701c7aa30e (patch) | |
| tree | 7cbc0216a8f66e28056416112ebcde0c9d6d52b1 | |
| parent | 70a1e9b6257c74c0891e420cdccfd4717516cd86 (diff) | |
ASoC: msm: qdspv2: fix NULL pointer exception in core driver
NULL pointer dereference occurs while getting version size
when version info memory allocation fails.
Add NULL check to avoid this NULL pointer exception.
Change-Id: I589b2114f67df0eeaaa817bad05cd7d44786d3ad
Signed-off-by: Cong Tang <congt@codeaurora.org>
| -rw-r--r-- | sound/soc/msm/qdsp6v2/q6core.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/sound/soc/msm/qdsp6v2/q6core.c b/sound/soc/msm/qdsp6v2/q6core.c index a64cfa03fb03..ec018c24591f 100644 --- a/sound/soc/msm/qdsp6v2/q6core.c +++ b/sound/soc/msm/qdsp6v2/q6core.c @@ -108,8 +108,7 @@ static int parse_fwk_version_info(uint32_t *payload) */ ver_size = sizeof(struct avcs_get_fwk_version) + num_services * sizeof(struct avs_svc_api_info); - if (q6core_lcl.q6core_avcs_ver_info.ver_info != NULL) - pr_warn("%s: Version info is not NULL\n", __func__); + q6core_lcl.q6core_avcs_ver_info.ver_info = kzalloc(ver_size, GFP_ATOMIC); if (q6core_lcl.q6core_avcs_ver_info.ver_info == NULL) @@ -244,12 +243,16 @@ static int32_t aprv2_core_fn_q(struct apr_client_data *data, void *priv) pr_debug("%s: Received AVCS_CMDRSP_GET_FWK_VERSION\n", __func__); payload1 = data->payload; - q6core_lcl.q6core_avcs_ver_info.status = VER_QUERY_SUPPORTED; - q6core_lcl.avcs_fwk_ver_resp_received = 1; ret = parse_fwk_version_info(payload1); - if (ret < 0) + if (ret < 0) { + q6core_lcl.adsp_status = ret; pr_err("%s: Failed to parse payload:%d\n", __func__, ret); + } else { + q6core_lcl.q6core_avcs_ver_info.status = + VER_QUERY_SUPPORTED; + } + q6core_lcl.avcs_fwk_ver_resp_received = 1; wake_up(&q6core_lcl.avcs_fwk_ver_req_wait); break; default: @@ -449,8 +452,14 @@ size_t q6core_get_fwk_version_size(uint32_t service_id) if (ret) goto done; - num_services = q6core_lcl.q6core_avcs_ver_info.ver_info - ->avcs_fwk_version.num_services; + if (q6core_lcl.q6core_avcs_ver_info.ver_info != NULL) { + num_services = q6core_lcl.q6core_avcs_ver_info.ver_info + ->avcs_fwk_version.num_services; + } else { + pr_err("%s: ver_info is NULL\n", __func__); + ret = -EINVAL; + goto done; + } ret = sizeof(struct avcs_get_fwk_version); if (service_id == AVCS_SERVICE_ID_ALL) |