OSDN Git Service

ASoC: msm: qdsp6v2: Remove param_size from pkt_size of apr header
author Aditya Bavanari <abavanar@codeaurora.org>
Fri, 19 Jul 2019 07:29:02 +0000 (12:59 +0530)
committer Gerrit - the friendly Code Review server <code-review@localhost>
Mon, 29 Jul 2019 07:05:46 +0000 (00:05 -0700)
As param_size is included in apr header pkt_size, out of
bounds access occurs in glink. Remove the param size addition
to fix this issue.

CRs-Fixed: 2472208
Change-Id: If8b34aeacd3bc9ba67ac9276eb1a8ebf0933f9f9
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
sound/soc/msm/qdsp6v2/q6afe.c

index c8a2cc3..7ee774d 100644 (file)
@@ -1241,7 +1241,7 @@ static int q6afe_get_params_v2(u16 port_id, int index,
        afe_get_param.apr_hdr.hdr_field =
                APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD, APR_HDR_LEN(APR_HDR_SIZE),
                              APR_PKT_VER);
-       afe_get_param.apr_hdr.pkt_size = sizeof(afe_get_param) + param_size;
+       afe_get_param.apr_hdr.pkt_size = sizeof(afe_get_param);
        afe_get_param.apr_hdr.src_port = 0;
        afe_get_param.apr_hdr.dest_port = 0;
        afe_get_param.apr_hdr.token = index;
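Review bot: The new `pkt_size = sizeof(afe_get_param)` assignment needs a one-line comment saying that pkt_size must equal the number of bytes actually handed to the transport. Nothing in this hunk explains why param_size is excluded, and the old `+ param_size` form is easy to reintroduce. The hunk also does not show whether param_size is still used later in q6afe_get_params_v2. If it is now unused, drop it or say what it is for. If it is still used to size a buffer, make sure it is bounds-checked there. Only the v2 path is visible here, so any other sender in q6afe.c that builds pkt_size as sizeof(struct) + param_size would need the same correction.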