ASoC: msm: qdsp6v2: DAP: Update check to validate data length

A big negative data length value can bypass the current check, update the condition to ensure that only valid data length is used to copy the params. CRs-Fixed: 1041130 Change-Id: I6e1a58e901e4c042acfb0ab0a6223dec2949aefe Signed-off-by: Ashish Jain <ashishj@codeaurora.org>
author: Ashish Jain <ashishj@codeaurora.org> 2016-07-18 16:07:42 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2016-07-21 07:46:43 -0700
commit: e9276dfdcd28de0b272bb9d49bea0d7f747d2746 (patch)
tree: d5f8720650327d03459f48d47150ba4b37f8ed85
parent: 9e4b3ba4afcff08bce320513610955391ab95806 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c b/sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c
index 48180cf5e337..ad2f2e9865c3 100644
--- a/sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c
+++ b/sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c
@@ -1523,8 +1523,9 @@ static int msm_ds2_dap_get_param(u32 cmd, void *arg)
 	}
 
 	/* Return if invalid length */
-	if (dolby_data->length >
-	       (DOLBY_MAX_LENGTH_INDIVIDUAL_PARAM - DOLBY_PARAM_PAYLOAD_SIZE)) {
+	if ((dolby_data->length >
+	      (DOLBY_MAX_LENGTH_INDIVIDUAL_PARAM - DOLBY_PARAM_PAYLOAD_SIZE)) ||
+	      (dolby_data->length <= 0)) {
 		pr_err("Invalid length %d", dolby_data->length);
 		rc = -EINVAL;
 		goto end;
author	Ashish Jain <ashishj@codeaurora.org>	2016-07-18 16:07:42 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2016-07-21 07:46:43 -0700
commit	e9276dfdcd28de0b272bb9d49bea0d7f747d2746 (patch)
tree	d5f8720650327d03459f48d47150ba4b37f8ed85
parent	9e4b3ba4afcff08bce320513610955391ab95806 (diff)