[PATCH v4] ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload

[Sergey Senozhatsky]

On (22/04/27 21:52), Peter Ujfalusi wrote:
> It is possible to craft a topology where sof_get_control_data() would do
> out of bounds access because it expects that it is only called when the
> payload is bytes type.
> Confusingly it also handles other types of controls, but the payload
> parsing implementation is only valid for bytes.
> 
> Fix the code to count the non bytes controls and instead of storing a
> pointer to sof_abi_hdr in sof_widget_data (which is only valid for bytes),
> store the pointer to the data itself and add a new member to save the size
> of the data.
> 
> In case of non bytes controls we store the pointer to the chanv itself,
> which is just an array of values at the end.
> 
> In case of bytes control, drop the wrong cdata->data (wdata[i].pdata) check
> against NULL since it is incorrect and invalid in this context.
> The data is pointing to the end of cdata struct, so it should never be
> null.
> 
> Reported-by: Sergey Senozhatsky <senozhatsky at chromium.org>
> Signed-off-by: Peter Ujfalusi <peter.ujfalusi at linux.intel.com>

FWIW
Reviewed-by: Sergey Senozhatsky <senozhatsky at chromium.org>
Tested-by: Sergey Senozhatsky <senozhatsky at chromium.org>