On Thu, 04 Apr 2019 15:59:46 +0200, Pierre-Louis Bossart wrote:
+/* generic module parser for mmaped DSPs */ +int snd_sof_parse_module_memcpy(struct snd_sof_dev *sdev, + struct snd_sof_mod_hdr *module) +{ + struct snd_sof_blk_hdr *block; + int count; + u32 offset; + size_t remaining; + + dev_dbg(sdev->dev, "new module size 0x%x blocks 0x%x type 0x%x\n", + module->size, module->num_blocks, module->type); + + block = (struct snd_sof_blk_hdr *)((u8 *)module + sizeof(*module)); + + /* module->size doesn't include header size */ + remaining = module->size; + for (count = 0; count < module->num_blocks; count++) { + /* minus header size of block */ + remaining -= sizeof(*block); + if (remaining < block->size) { + dev_err(sdev->dev, "error: not enough data remaining\n"); + return -EINVAL; + }
remaining is unsigned, so a negative check doesn't work here. Hence you need the explicit underflow check.
yes, probably need ssize_t here.
Be careful. If block->size is unsigned, the comparison is also done as unsigned in the code above. Takashi