From edbe4c67fc0f0914a91fa64fb48d4e7e069d949b Mon Sep 17 00:00:00 2001
From: vivek mehta <mvivek@codeaurora.org>
Date: Wed, 25 May 2016 10:48:11 -0700
Subject: [PATCH] ASoC: msm: audio-effects: misc fixes in h/w accelerated effect
Adding integer overflow check in h/w accelerated effect driver.
Bug: 28470967
Change-Id: I17d4cc0a38770f0c5067fa8047cd63e7bf085e48
CRs-Fixed: 1006609
Signed-off-by: Weiyin Jiang <wjiang@codeaurora.org>
Signed-off-by: vivek mehta <mvivek@codeaurora.org>
---
 sound/soc/msm/qdsp6v2/q6asm.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index cbc88b7f118d..6fbedced8942 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -1032,6 +1032,12 @@ int q6asm_audio_client_buf_alloc_contiguous(unsigned int dir,
 ac->port[dir].buf = buf;
+ /* check for integer overflow */
+ if ((bufcnt > 0) && ((UINT_MAX / bufcnt) < bufsz)) {
+ pr_err("%s: integer overflow\n", __func__);
+ mutex_unlock(&ac->cmd_lock);
+ goto fail;
+ }
 bytes_to_alloc = bufsz * bufcnt;
 /* The size to allocate should be multiple of 4K bytes */
-- GitLab
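Review bot: The new bound `(UINT_MAX / bufcnt) < bufsz` leaves no headroom for the round-up to a 4K multiple that the trailing context comment announces, so a product within 4095 of UINT_MAX passes this check and can still wrap when it is aligned; the rounding statement itself is outside the hunk, so this should be confirmed there. Tightening the guard to `if ((bufcnt > 0) && (((UINT_MAX - 4095) / bufcnt) < bufsz)) {` would cover both steps. The declaration of `bytes_to_alloc` is also not visible; if it is a signed `int`, the limit should be `INT_MAX` rather than `UINT_MAX`. The check also runs after `ac->port[dir].buf = buf;`, so it would read more simply placed before any allocation, provided the `fail` label (outside the hunk) does not depend on that assignment. The function body starts and ends outside the hunk.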