Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Selector get_data fixes #9388

Merged
merged 2 commits into from
Aug 26, 2024
Merged

Selector get_data fixes #9388

merged 2 commits into from
Aug 26, 2024

Conversation

cujomalainey
Copy link
Member

No description provided.

@cujomalainey
selector: add a minimum size check for get_data
1f6f2dd 
Check to make sure we actually have enough space to copy the config, if
we don't we will assert and crash when we could have handled this
gracefully.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
@cujomalainey
selector: fix memcpy parameters
4313e8a 
We should be using the trusted max size passed in via the framework
rather than the scratch memory we are passing into the host.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
@cujomalainey cujomalainey added the bug Something isn't working as expected label Aug 22, 2024
lyakh
lyakh reviewed Aug 22, 2024
View reviewed changes
src/audio/selector/selector.c
ret = memcpy_s(cdata->data->data, ((struct sof_abi_hdr *)
(cdata->data))->size, &cd->config,
ret = memcpy_s(cdata->data->data,
size, &cd->config,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should ((struct sof_abi_hdr *)(cdata->data))->size be checked for validity?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so given we overwrite it below as the reply.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but it comes from the user, right? So I thought that maybe we shouldn't be talking to misbehaving users, or at least should warn the system?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In theory yes, but I wonder if it's worth the code on DSP side given there are checks here for "size" and aother check in "ipc_comp_value()". This would be really only useful for a legitimate host that is somehow misconfigured, but that will show up already in logs as the header size will be changed by DSP in the response.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also if we were wanting to change that, it should be a layer above, we should not be doing that check at every module

kv2019i
kv2019i approved these changes Aug 26, 2024
View reviewed changes
src/audio/selector/selector.c
ret = memcpy_s(cdata->data->data, ((struct sof_abi_hdr *)
(cdata->data))->size, &cd->config,
ret = memcpy_s(cdata->data->data,
size, &cd->config,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In theory yes, but I wonder if it's worth the code on DSP side given there are checks here for "size" and aother check in "ipc_comp_value()". This would be really only useful for a legitimate host that is somehow misconfigured, but that will show up already in logs as the header size will be changed by DSP in the response.

@cujomalainey cujomalainey merged commit 10bffa7 into thesofproject:main Aug 26, 2024
41 of 47 checks passed
@cujomalainey cujomalainey deleted the selector branch August 26, 2024 15:33
@cujomalainey
Copy link
Member Author

merging as this is a outstanding fuzzer failure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lyakh lyakh lyakh left review comments

@lgirdwood lgirdwood lgirdwood approved these changes

@kv2019i kv2019i kv2019i approved these changes

@tlissows tlissows Awaiting requested review from tlissows tlissows is a code owner

@btian1 btian1 Awaiting requested review from btian1

@lbetlej lbetlej Awaiting requested review from lbetlej

Assignees
No one assigned
Labels
bug Something isn't working as expected
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cujomalainey @lyakh @lgirdwood @kv2019i