kpb: Don't assert on memcpy overruns

The config block for the component gets provided externally and is copied directly in using a byte count likewise provided by the host. The use of memcpy_s() prevents overruns, but the error that was detected was being reported via assert(). To fuzzing, that assertion is a fatal error, when clearly this needs to be a runtime failure as it's due to external input and not a local code bug. Signed-off-by: Andy Ross <andyross@google.com>
2023-06-06 08:01:53 -07:00 · 2023-06-06 08:01:53 -07:00 · 7511a1da15
parent 5f118b761b
commit 7511a1da15
2 changed files with 7 additions and 2 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 4ce79b152e23c7b3937a09ef57cdd69d125a9214
+Subproject commit ab0429fdbe563ef6abe499c69b2483e96c4762d0
--- a/src/audio/kpb.c
+++ b/src/audio/kpb.c
@ -394,7 +394,12 @@ static int kpb_set_verify_ipc_params(struct comp_dev *dev,

 	ret = memcpy_s(&kpb->config, sizeof(kpb->config), ipc_config->data,
 		       ipc_config->size);
-	assert(!ret);
+
+	if (ret) {
+		comp_err(dev, "kpb_new(): cannot memcpy_s %d bytes into sof_kpb_config (%d)\n",
+			 ipc_config->size, sizeof(kpb->config));
+		return -EINVAL;
+	}

 	/* Initialize sinks */
 	kpb->sel_sink = NULL;