[alsa-devel] [PATCH 1/8] firmware: Sigma: Prevent out of bounds memory access
vapier at gentoo.org
Thu Nov 24 18:26:21 CET 2011
On Thursday 24 November 2011 07:48:20 Lars-Peter Clausen wrote:
> The SigmaDSP firmware loader currently does not perform enough boundary
> size checks when processing the firmware. As a result it is possible that
> a malformed firmware can cause an out of bounds memory access.
> This patch adds checks which ensure that both the action header and the
> payload are completely inside the firmware data boundaries before
> processing them.
in general this looks fine ...
> --- a/drivers/firmware/sigma.c
> +++ b/drivers/firmware/sigma.c
> -/* Return: 0==OK, <0==error, =1 ==no more actions */
> static int
> +process_sigma_action(struct i2c_client *client, struct
> sigma_action *sa)
looks like you're inverting the semantics of this func. i'd add an updated
comment above the func to document the new return values.
> + /* Reject too small or unreasonable large files. The upper limit is
> + * chosen a bit arbitrarily but it should be enough for all practical
> + * purposes and having the limit makes it easier to avoid integer
> + * overflows later in the loading process. */
multi-line comment style:
* line one
* line two
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://mailman.alsa-project.org/pipermail/alsa-devel/attachments/20111124/06daacc7/attachment.sig
More information about the Alsa-devel