|
|
@@ -7332,7 +7332,7 @@ EXPORT_SYMBOL(voc_config_vocoder);
|
|
|
|
|
|
static int32_t qdsp_mvm_callback(struct apr_client_data *data, void *priv)
|
|
|
{
|
|
|
- uint32_t *ptr = NULL;
|
|
|
+ uint32_t *ptr = NULL, min_payload_size = 0;
|
|
|
struct common_data *c = NULL;
|
|
|
struct voice_data *v = NULL;
|
|
|
struct vss_evt_voice_activity *voice_act_update = NULL;
|
|
|
@@ -7400,7 +7400,7 @@ static int32_t qdsp_mvm_callback(struct apr_client_data *data, void *priv)
|
|
|
}
|
|
|
|
|
|
if (data->opcode == APR_BASIC_RSP_RESULT) {
|
|
|
- if (data->payload_size) {
|
|
|
+ if (data->payload_size >= sizeof(ptr[0]) * 2) {
|
|
|
ptr = data->payload;
|
|
|
|
|
|
pr_debug("%x %x\n", ptr[0], ptr[1]);
|
|
|
@@ -7470,7 +7470,13 @@ static int32_t qdsp_mvm_callback(struct apr_client_data *data, void *priv)
|
|
|
} else if (data->opcode == VSS_IMEMORY_RSP_MAP) {
|
|
|
pr_debug("%s, Revd VSS_IMEMORY_RSP_MAP response\n", __func__);
|
|
|
|
|
|
- if (data->payload_size && data->token == VOIP_MEM_MAP_TOKEN) {
|
|
|
+ if (data->payload_size < sizeof(ptr[0])) {
|
|
|
+ pr_err("%s: payload has invalid size[%d]\n", __func__,
|
|
|
+ data->payload_size);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (data->token == VOIP_MEM_MAP_TOKEN) {
|
|
|
ptr = data->payload;
|
|
|
if (ptr[0]) {
|
|
|
v->shmem_info.mem_handle = ptr[0];
|
|
|
@@ -7537,10 +7543,13 @@ static int32_t qdsp_mvm_callback(struct apr_client_data *data, void *priv)
|
|
|
pr_debug("%s: Received VSS_IVERSION_RSP_GET\n", __func__);
|
|
|
|
|
|
if (data->payload_size) {
|
|
|
+ min_payload_size = min_t(u32, (int)data->payload_size,
|
|
|
+ CVD_VERSION_STRING_MAX_SIZE);
|
|
|
version_rsp =
|
|
|
(struct vss_iversion_rsp_get_t *)data->payload;
|
|
|
memcpy(common.cvd_version, version_rsp->version,
|
|
|
- CVD_VERSION_STRING_MAX_SIZE);
|
|
|
+ min_payload_size);
|
|
|
+ common.cvd_version[min_payload_size - 1] = '\0';
|
|
|
pr_debug("%s: CVD Version = %s\n",
|
|
|
__func__, common.cvd_version);
|
|
|
|
Linux Build Service Account