From 68e8c9066f52479b89eb41d8bf9912c497de99e2 Mon Sep 17 00:00:00 2001 From: Daniel Baluta Date: Wed, 23 Mar 2022 17:39:07 +0200 Subject: [PATCH] ipc3: Check ipc size check for pcm_params to account for ext_data Now that sof_ipc_pcm_params struct has some extended data at the end the hdr.size will also account for this data. Change sanity condition to see if hdr.size is updated to keep track of extended data. Also check that ext_data will not go beyond SOF_IPC_MAX_SIZE. Signed-off-by: Daniel Baluta --- src/ipc/ipc3/handler.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/ipc/ipc3/handler.c b/src/ipc/ipc3/handler.c index 0c0998f0f..9ce3ba62e 100644 --- a/src/ipc/ipc3/handler.c +++ b/src/ipc/ipc3/handler.c @@ -219,8 +219,26 @@ static int ipc_stream_pcm_params(uint32_t stream) return -EINVAL; } - if (IPC_IS_SIZE_INVALID(pcm_params.params)) { - IPC_SIZE_ERROR_TRACE(&ipc_tr, pcm_params.params); + /* sanity check for pcm_params size */ + if (pcm_params.hdr.size != + sizeof(pcm_params) + pcm_params.params.ext_data_length) { + tr_err(&ipc_tr, "pcm_params invalid size, hdr.size=%d, ext_data_len=%d", + pcm_params.hdr.size, pcm_params.params.ext_data_length); + return -EINVAL; + } + + /* sanity check for pcm_params.params size */ + if (pcm_params.params.hdr.size != + sizeof(pcm_params.params) + pcm_params.params.ext_data_length) { + tr_err(&ipc_tr, "pcm_params.params invalid size, hdr.size=%d, ext_data_len=%d", + pcm_params.params.hdr.size, pcm_params.params.ext_data_length); + return -EINVAL; + } + + if (sizeof(pcm_params) + pcm_params.params.ext_data_length > SOF_IPC_MSG_MAX_SIZE) { + tr_err(&ipc_tr, "pcm_params ext_data_length invalid size %d max allowed %d", + pcm_params.params.ext_data_length, + SOF_IPC_MSG_MAX_SIZE - sizeof(pcm_params)); return -EINVAL; }