From 98e6c6625f455b6d322468ba5513ef48d2e9ec30 Mon Sep 17 00:00:00 2001 From: Andy Ross Date: Thu, 22 Jun 2023 12:00:39 -0700 Subject: [PATCH] audio/selector: Don't assert on input-controllable memcpy_s failure The size argument to the memcpy_s() here is under the control of external data and can fail on garbage. That needs to be a runtime failure, not an assertion. Signed-off-by: Andy Ross --- src/audio/selector/selector.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/audio/selector/selector.c b/src/audio/selector/selector.c index 065c020cb..5ac8dfca5 100644 --- a/src/audio/selector/selector.c +++ b/src/audio/selector/selector.c @@ -193,7 +193,11 @@ static struct comp_dev *selector_new(const struct comp_driver *drv, comp_set_drvdata(dev, cd); ret = memcpy_s(&cd->config, sizeof(cd->config), ipc_process->data, bs); - assert(!ret); + if (ret) { + rfree(cd); + rfree(dev); + return NULL; + } dev->state = COMP_STATE_READY; return dev;