--- c2db2d3e923646245ada6bf595d8aa59594fd090
+++ da277e02bd8d07670611fc07ea3c6c0c5bac57b9
@@ -442,7 +442,9 @@ u32 send_adm_apr(void *buf, u32 opcode)
 	}
 
 
-	if (payload_size > MAX_PAYLOAD_SIZE) {
+	if ((payload_size < 0) ||
+		(payload_size > MAX_PAYLOAD_SIZE)) {
+
 			pr_err("%s: Invalid payload size = %d\n",
 				__func__, payload_size);
 		goto done;
@@ -612,7 +614,9 @@ u32 send_rtac_asm_apr(void *buf, u32 opc
 		goto done;
 	}
 
-	if (payload_size > MAX_PAYLOAD_SIZE) {
+	if ((payload_size < 0) ||
+		(payload_size > MAX_PAYLOAD_SIZE)) {
+
 			pr_err("%s: Invalid payload size = %d\n",
 				__func__, payload_size);
 		goto done;
@@ -719,7 +723,7 @@ void rtac_set_voice_handle(u32 mode, voi
 bool rtac_make_voice_callback(u32 mode, uint32_t *payload, u32 payload_size)
 {
 	if ((atomic_read(&rtac_voice_apr_data[mode].cmd_state) != 1) ||
-			(mode >= RTAC_VOICE_MODES))
+			(mode < 0) || (mode >= RTAC_VOICE_MODES))
 		return false;
 
 	pr_debug("%s\n", __func__);
@@ -778,7 +782,9 @@ u32 send_voice_apr(u32 mode, void *buf,
 		goto done;
 	}
 
-	if (payload_size > MAX_PAYLOAD_SIZE) {
+	if ((payload_size < 0) ||
+		(payload_size > MAX_PAYLOAD_SIZE)) {
+
 			pr_err("%s: Invalid payload size = %d\n",
 				__func__, payload_size);
 		goto done;