ASoC: wcd9xxx: Add check for buffer overflow
Current code does not check if the indexes of array
codec_dai being accessed is within the maximum
number of codec dais for a particular codec. The change
adds this check and ensures that indexes outside the
bounds of array are not accessed.
CRs-Fixed: 628865
Change-Id: Ibf81f91b35e43feddc6b03a1239b4d12e04a95da
Signed-off-by: Aravind Kumar <akumark@codeaurora.org>
diff --git a/drivers/mfd/wcd9xxx-slimslave.c b/drivers/mfd/wcd9xxx-slimslave.c
index 81262b58..4f42181 100644
--- a/drivers/mfd/wcd9xxx-slimslave.c
+++ b/drivers/mfd/wcd9xxx-slimslave.c
@@ -499,7 +499,8 @@
/* This function is called with mutex acquired */
int wcd9xxx_tx_vport_validation(u32 vtable, u32 port_id,
- struct wcd9xxx_codec_dai_data *codec_dai)
+ struct wcd9xxx_codec_dai_data *codec_dai,
+ u32 num_codec_dais)
{
struct wcd9xxx_ch *ch;
int ret = 0;
@@ -508,18 +509,25 @@
pr_debug("%s: vtable 0x%x port_id %u size %d\n", __func__,
vtable, port_id, size);
for_each_set_bit(index, (unsigned long *)&vtable, size) {
- list_for_each_entry(ch,
- &codec_dai[index].wcd9xxx_ch_list,
- list) {
- pr_debug("%s: index %u ch->port %u vtable 0x%x\n",
- __func__, index, ch->port, vtable);
- if (ch->port == port_id) {
- pr_err("%s: TX%u is used by AIF%u_CAP Mixer\n",
- __func__, port_id + 1,
- (index + 1)/2);
- ret = -EINVAL;
- break;
+ if (index < num_codec_dais) {
+ list_for_each_entry(ch,
+ &codec_dai[index].wcd9xxx_ch_list,
+ list) {
+ pr_debug("%s: index %u ch->port %u vtable 0x%x\n",
+ __func__, index, ch->port,
+ vtable);
+ if (ch->port == port_id) {
+ pr_err("%s: TX%u is used by AIF%u_CAP Mixer\n",
+ __func__, port_id + 1,
+ (index + 1)/2);
+ ret = -EINVAL;
+ break;
+ }
}
+ } else {
+ pr_err("%s: Invalid index %d of codec dai",
+ __func__, index);
+ ret = -EINVAL;
}
if (ret)
break;