ASoC: msm: audio-effects: misc fixes in h/w accelerated effect

Adding memory copy size check and integer overflow check in h/w accelerated effect driver. Change-Id: I17d4cc0a38770f0c5067fa8047cd63e7bf085e48 CRs-Fixed: 1006609 Signed-off-by: Weiyin Jiang <wjiang@codeaurora.org>
author: Weiyin Jiang <wjiang@codeaurora.org> 2016-04-26 14:35:38 +0800
committer: Jeevan Shriram <jshriram@codeaurora.org> 2016-05-03 15:52:37 -0700
commit: 9847f9ca84dfd7f3fb9ecb82274b4349cd09befb (patch)
tree: 228ae288c695a12e1e118163c3547c7a440208c3 /sound
parent: 4e023df9c5ed540fa57d9ea49421828729535181 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index dad53baec605..23261271bec8 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1322,6 +1322,12 @@ int q6asm_audio_client_buf_alloc_contiguous(unsigned int dir,
 
 	ac->port[dir].buf = buf;
 
+	/* check for integer overflow */
+	if ((bufcnt > 0) && ((INT_MAX / bufcnt) < bufsz)) {
+		pr_err("%s: integer overflow\n", __func__);
+		mutex_unlock(&ac->cmd_lock);
+		goto fail;
+	}
 	bytes_to_alloc = bufsz * bufcnt;
 
 	/* The size to allocate should be multiple of 4K bytes */
author	Weiyin Jiang <wjiang@codeaurora.org>	2016-04-26 14:35:38 +0800
committer	Jeevan Shriram <jshriram@codeaurora.org>	2016-05-03 15:52:37 -0700
commit	9847f9ca84dfd7f3fb9ecb82274b4349cd09befb (patch)
tree	228ae288c695a12e1e118163c3547c7a440208c3 /sound
parent	4e023df9c5ed540fa57d9ea49421828729535181 (diff)