asoc: codecs: Fix out of bounds access in register show function

In register show function, when snprintf returns a negative value
out of bounds access occurs while copying the data to user.
Add return value check on snprintf before copy_to_user
to fix this and add sizeof() for tmp_buff to avoid buffer
overflow.

Change-Id: I15f1add37987d2176a165669d7a5b40bd576004c
Signed-off-by: Prasad Kumpatla <[email protected]>

asoc/codecs/wsa883x/wsa883x.c

@@ -254,7 +254,12 @@ static ssize_t swr_slave_reg_show(struct swr_device *pdev, char __user *ubuf,
 		swr_read(pdev, pdev->dev_num, i, &reg_val, 1);
 		len = snprintf(tmp_buf, sizeof(tmp_buf), "0x%.3x: 0x%.2x\n", i,
 			       (reg_val & 0xFF));
-		if (((total + len) >= count - 1) || (len < 0))
+		if (len < 0) {
+			pr_err("%s: fail to fill the buffer\n", __func__);
+			total = -EFAULT;
+			goto copy_err;
+		}
+		if ((total + len) >= count - 1)
 			break;
 		if (copy_to_user((ubuf + total), tmp_buf, len)) {
 			pr_err("%s: fail to copy reg dump\n", __func__);