OrgACRN
/
sof
mirror of https://github.com/thesofproject/sof.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ipcv3: fix memory access bug 

Fuzzer found a way to try and access a buffer as a component which
results in a UAF crash.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
This commit is contained in:
Curtis Malainey 2021-08-20 12:33:40 -07:00 committed by Curtis Malainey
parent 0570315cd9
commit 804d302b3c
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ipc/ipc3/handler.c
View File

@ -1106,6 +1106,12 @@ static int ipc_comp_value(uint32_t header, uint32_t cmd)
return -ENODEV; return -ENODEV;
} }
if (comp_dev->type != COMP_TYPE_COMPONENT) {
tr_err(&ipc_tr, "ipc: comp %d is not of type component",
data->comp_id);
return -EINVAL;
}
/* check core */ /* check core */
if (!cpu_is_me(comp_dev->core)) if (!cpu_is_me(comp_dev->core))
return ipc_process_on_core(comp_dev->core, false); return ipc_process_on_core(comp_dev->core, false);