[PATCH v2] firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files.
In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing.
Signed-off-by: Richard Fitzgerald rf@opensource.cirrus.com Fixes: f6bc909e7673 ("firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs") --- drivers/firmware/cirrus/cs_dsp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/cirrus/cs_dsp.c b/drivers/firmware/cirrus/cs_dsp.c index 16484ab9b09d..8a347b938406 100644 --- a/drivers/firmware/cirrus/cs_dsp.c +++ b/drivers/firmware/cirrus/cs_dsp.c @@ -1183,4 +1183,4 @@ static int cs_dsp_coeff_parse_alg(struct cs_dsp *dsp, blk->id = le32_to_cpu(raw->id); blk->name = raw->name; - blk->name_len = strlen(raw->name); + blk->name_len = strnlen(raw->name, ARRAY_SIZE(raw->name)); blk->ncoeff = le32_to_cpu(raw->ncoeff); @@ -1260,4 +1260,4 @@ static int cs_dsp_coeff_parse_coeff(struct cs_dsp *dsp, blk->name = raw->name; - blk->name_len = strlen(raw->name); + blk->name_len = strnlen(raw->name, ARRAY_SIZE(raw->name)); blk->ctl_type = le16_to_cpu(raw->ctl_type); blk->flags = le16_to_cpu(raw->flags);
On 08/07/2024 16:20, Richard Fitzgerald wrote:
Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files.
In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing.
Signed-off-by: Richard Fitzgerald rf@opensource.cirrus.com Fixes: f6bc909e7673 ("firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs")
drivers/firmware/cirrus/cs_dsp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/cirrus/cs_dsp.c b/drivers/firmware/cirrus/cs_dsp.c index 16484ab9b09d..8a347b938406 100644 --- a/drivers/firmware/cirrus/cs_dsp.c +++ b/drivers/firmware/cirrus/cs_dsp.c @@ -1183,4 +1183,4 @@ static int cs_dsp_coeff_parse_alg(struct cs_dsp *dsp, blk->id = le32_to_cpu(raw->id); blk->name = raw->name;
blk->name_len = strlen(raw->name);
blk->name_len = strnlen(raw->name, ARRAY_SIZE(raw->name));@@ -1260,4 +1260,4 @@ static int cs_dsp_coeff_parse_coeff(struct cs_dsp *dsp, blk->name = raw->name;
blk->name_len = strlen(raw->name);
blk->name_len = strnlen(raw->name, ARRAY_SIZE(raw->name));
This is the same patch as V1 but with a couple of conflicting lines dropped from the context. You can ignore this V2 if you've got V1 to apply cleanly.
Sorry for the confusion.
participants (1)
-
Richard Fitzgerald