[alsa-devel] [PATCH v4] ASoC: Intel: Skylake: Add DSP firmware manifest parsing
Mark Brown
broonie at kernel.org
Fri May 13 14:14:17 CEST 2016
On Fri, May 13, 2016 at 05:25:47PM +0530, Vinod Koul wrote:
> + /* Get the FW pointer to derive ADSP header */
> + buf = ctx->fw->data;
> + adsp_hdr = (struct adsp_fw_hdr *)(buf + SKL_ADSP_FW_BIN_HDR_OFFSET);
> + mod_entry = (struct adsp_module_entry *)
> + (buf + SKL_ADSP_FW_BIN_HDR_OFFSET + adsp_hdr->header_len);
What if we somehow managed to end up with a zero length firmware (or
something smaller than these headers)?
> + /*
> + * we check if current pointer is larger than file size from
> + * base value to check excceding the file while parsing
> + */
> + if ((const char *)mod_entry >= buf + ctx->fw->size) {
> + dev_err(ctx->dev,
> + "Exceeds file bound: Entry %d Ptr %p\n",
> + i, mod_entry);
> +
> + return -EIO;
> + }
This checks the start of the entry but it still lets us read beyond the
end of the file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://mailman.alsa-project.org/pipermail/alsa-devel/attachments/20160513/4c01bad2/attachment-0001.sig>
More information about the Alsa-devel
mailing list