From edbe4c67fc0f0914a91fa64fb48d4e7e069d949b Mon Sep 17 00:00:00 2001
From: vivek mehta <mvivek@codeaurora.org>
Date: Wed, 25 May 2016 10:48:11 -0700
Subject: [PATCH] ASoC: msm: audio-effects: misc fixes in h/w accelerated
 effect

Adding integer overflow check in h/w accelerated effect driver.

Bug: 28470967
Change-Id: I17d4cc0a38770f0c5067fa8047cd63e7bf085e48
CRs-Fixed: 1006609
Signed-off-by: Weiyin Jiang <wjiang@codeaurora.org>
Signed-off-by: vivek mehta <mvivek@codeaurora.org>
---
 sound/soc/msm/qdsp6v2/q6asm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index cbc88b7f118d..6fbedced8942 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1032,6 +1032,12 @@ int q6asm_audio_client_buf_alloc_contiguous(unsigned int dir,
 
 	ac->port[dir].buf = buf;
 
+	/* check for integer overflow */
+	if ((bufcnt > 0) && ((UINT_MAX / bufcnt) < bufsz)) {
+		pr_err("%s: integer overflow\n", __func__);
+		mutex_unlock(&ac->cmd_lock);
+		goto fail;
+	}
 	bytes_to_alloc = bufsz * bufcnt;
 
 	/* The size to allocate should be multiple of 4K bytes */
-- 
GitLab