samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ASoC: correct read size return value for erroneous conditions

Browse Source 
Wrong return value of in_read() causes integer overflow in omx,
which aborts the process. Correct the return value for erroneous
conditions.

CRs-Fixed: 2336645
Change-Id: Ib01827adc92700876f3b11816857f0086b1b5f94
Signed-off-by: Weiyin Jiang <wjiang@codeaurora.org>
This commit is contained in:
Weiyin Jiang
2018-10-22 16:40:10 +08:00
parent 1ab95845cf
commit 4e6bb44f61
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dsp/codecs/audio_utils.c
View File

@@ -1,4 +1,4 @@
/* Copyright (c) 2010-2017, The Linux Foundation. All rights reserved. /* Copyright (c) 2010-2018, The Linux Foundation. All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and * it under the terms of the GNU General Public License version 2 and
@@ -760,6 +760,10 @@ ssize_t audio_in_read(struct file *file,
} }
bytes_to_copy = bytes_to_copy =
(size + audio->out_frame_info[idx][1]); (size + audio->out_frame_info[idx][1]);
if (bytes_to_copy == 0) {
rc = 0;
break;
}
/* Number of frames information copied */ /* Number of frames information copied */
buf += sizeof(unsigned char); buf += sizeof(unsigned char);
count -= sizeof(unsigned char); count -= sizeof(unsigned char);
@@ -793,8 +797,10 @@ ssize_t audio_in_read(struct file *file,
pr_debug("%s:session id %d: read: %zd bytes\n", __func__, pr_debug("%s:session id %d: read: %zd bytes\n", __func__,
audio->ac->session, (buf-start)); audio->ac->session, (buf-start));
if (!rc) {
if (buf > start) if (buf > start)
return buf - start; return buf - start;
}
return rc; return rc;
} }