[GIT PULL] ASoC updates for v5.8
Mark Brown
broonie at kernel.org
Tue Jun 2 21:03:34 CEST 2020
On Tue, Jun 02, 2020 at 06:42:25PM +0200, Takashi Iwai wrote:
> But, looking more at the code around that line, I could spot many
> other bugs. You cannot trust the firmware file and you must check the
> size. The current code can trigger out-of-bound accesses and crash
> very easily when a malformed firmware file is tossed; e.g. just put an
> empty file (or a huge file) as dsm_param.bin.
Yeah, it's not great - the potential impact is limited by regmap which
will bounds check attempts to write beyond the last register (though now
I look again we're using unsigned values so we should definitely be
limiting the lower size) but it would be better to limit it to just the
registers that should be being configured. Possibly even just to one
valid file length if it's always all the same registers being configured.
Steve?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://mailman.alsa-project.org/pipermail/alsa-devel/attachments/20200602/9fe303f6/attachment.sig>
More information about the Alsa-devel
mailing list