Skip to content

Selector get_data fixes#9388

Merged
cujomalainey merged 2 commits intothesofproject:mainfrom
cujomalainey:selector
Aug 26, 2024
Merged

Selector get_data fixes#9388
cujomalainey merged 2 commits intothesofproject:mainfrom
cujomalainey:selector

Conversation

@cujomalainey
Copy link
Contributor

@cujomalainey cujomalainey commented Aug 22, 2024

No description provided.

@cujomalainey
selector: add a minimum size check for get_data
1f6f2dd 
Check to make sure we actually have enough space to copy the config, if
we don't we will assert and crash when we could have handled this
gracefully.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
@cujomalainey
selector: fix memcpy parameters
4313e8a 
We should be using the trusted max size passed in via the framework
rather than the scratch memory we are passing into the host.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
@cujomalainey cujomalainey requested a review from tlissows as a code owner August 22, 2024 01:09
@cujomalainey cujomalainey requested review from btian1 and lbetlej August 22, 2024 01:10
@cujomalainey cujomalainey added the bug Something isn't working as expected label Aug 22, 2024
lyakh
lyakh reviewed Aug 22, 2024
View reviewed changes
src/audio/selector/selector.c
ret = memcpy_s(cdata->data->data, ((struct sof_abi_hdr *)
(cdata->data))->size, &cd->config,
ret = memcpy_s(cdata->data->data,
size, &cd->config,
Copy link
Collaborator

@lyakh lyakh Aug 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should ((struct sof_abi_hdr *)(cdata->data))->size be checked for validity?

Copy link
Contributor Author

@cujomalainey cujomalainey Aug 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so given we overwrite it below as the reply.

Copy link
Collaborator

@lyakh lyakh Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but it comes from the user, right? So I thought that maybe we shouldn't be talking to misbehaving users, or at least should warn the system?

Copy link
Collaborator

@kv2019i kv2019i Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In theory yes, but I wonder if it's worth the code on DSP side given there are checks here for "size" and aother check in "ipc_comp_value()". This would be really only useful for a legitimate host that is somehow misconfigured, but that will show up already in logs as the header size will be changed by DSP in the response.

Copy link
Contributor Author

@cujomalainey cujomalainey Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also if we were wanting to change that, it should be a layer above, we should not be doing that check at every module

kv2019i
kv2019i approved these changes Aug 26, 2024
View reviewed changes
src/audio/selector/selector.c
ret = memcpy_s(cdata->data->data, ((struct sof_abi_hdr *)
(cdata->data))->size, &cd->config,
ret = memcpy_s(cdata->data->data,
size, &cd->config,
Copy link
Collaborator

@kv2019i kv2019i Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In theory yes, but I wonder if it's worth the code on DSP side given there are checks here for "size" and aother check in "ipc_comp_value()". This would be really only useful for a legitimate host that is somehow misconfigured, but that will show up already in logs as the header size will be changed by DSP in the response.

@cujomalainey cujomalainey merged commit 10bffa7 into thesofproject:main Aug 26, 2024
@cujomalainey cujomalainey deleted the selector branch August 26, 2024 15:33
@cujomalainey
Copy link
Contributor Author

cujomalainey commented Aug 26, 2024

merging as this is a outstanding fuzzer failure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lyakh lyakh lyakh left review comments

@lgirdwood lgirdwood lgirdwood approved these changes

@kv2019i kv2019i kv2019i approved these changes

@tlissows tlissows Awaiting requested review from tlissows tlissows is a code owner

@btian1 btian1 Awaiting requested review from btian1

@lbetlej lbetlej Awaiting requested review from lbetlej

Assignees

No one assigned

Labels

bug Something isn't working as expected

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cujomalainey @lyakh @lgirdwood @kv2019i