22 Apr 2016, 6:13 a.m.
On Thu, Apr 21, 2016 at 05:07:13PM +0100, Mark Brown wrote:
On Thu, Apr 21, 2016 at 11:45:23AM +0530, Vinod Koul wrote:
- num_entry = adsp_hdr->num_module_entries;
- tbl = devm_kzalloc(ctx->dev,
num_entry * sizeof(struct uuid_tbl), GFP_KERNEL);
- if (!tbl)
return -ENOMEM;
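Review bot: num_entry is taken straight from adsp_hdr->num_module_entries and multiplied by sizeof(struct uuid_tbl) in the devm_kzalloc() call with no upper bound, so a corrupt header controls the allocation size and the multiplication can wrap. Check the count against the firmware size before using it, and allocate with devm_kcalloc(ctx->dev, num_entry, sizeof(struct uuid_tbl), GFP_KERNEL), which rejects an overflowing product.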
I'm still not seeing any bounds checking to make sure we don't read beyond the end of the firmware file.
Since we are using adsp_hdr->num_module_entries for parsing, technically we should not go beyond.
But yes, if the file goes bad then we might have an issue; we will add a check for that.
Thanks
--
~Vinod
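
The bounds check discussed in this thread, sketched as an added user-space example; it is not code from the patch or the driver. The struct layouts and the names fw_hdr, fw_mod_entry and fw_check_entries are hypothetical, and the sample blob is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration, not the real firmware format. */
struct fw_hdr { uint32_t num_module_entries; };
struct fw_mod_entry { uint8_t uuid[16]; uint32_t id; };

/* Returns 0 and sets count and first only if every entry the header
 * claims lies inside buf[0..len); otherwise returns -EINVAL. */
int fw_check_entries(const uint8_t *buf, size_t len,
                     uint32_t *count, const uint8_t **first)
{
    struct fw_hdr hdr;

    if (len < sizeof(hdr))
        return -EINVAL;                 /* truncated header */
    memcpy(&hdr, buf, sizeof(hdr));     /* no unaligned access */

    /* Divide rather than multiply so a huge count cannot wrap. */
    if (hdr.num_module_entries >
        (len - sizeof(hdr)) / sizeof(struct fw_mod_entry))
        return -EINVAL;

    *count = hdr.num_module_entries;
    *first = buf + sizeof(hdr);
    return 0;
}

int main(void)
{
    /* Constructed sample: a blob with room for exactly two entries. */
    uint8_t blob[sizeof(struct fw_hdr) + 2 * sizeof(struct fw_mod_entry)] = {0};
    uint32_t claimed = 3, count = 0;    /* header claims three entries */
    const uint8_t *first = NULL;

    memcpy(blob, &claimed, sizeof(claimed));
    printf("claimed=3 -> %d\n",
           fw_check_entries(blob, sizeof(blob), &count, &first));
    return 0;
}
```

The check runs before any allocation or entry read, so a count larger than the file can hold is rejected without touching memory past the buffer.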