OrgACRN
/
sof
mirror of https://github.com/thesofproject/sof.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ipc/pipeline: Check type in ipc_pipeline_complete() 

This function is called based on external commands, and with an
arbitrary component ID that may not actually be a pipeline.  Check the
type before following garbage pointers and passing them down into call
trees.

Found via fuzzing.

Signed-off-by: Andy Ross <andyross@google.com>
This commit is contained in:
Andy Ross 2023-06-06 08:07:10 -07:00 committed by Michal Wasko
parent 7511a1da15
commit d788b34749
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ipc/ipc-helper.c
View File

@ -201,6 +201,12 @@ int ipc_pipeline_complete(struct ipc *ipc, uint32_t comp_id)
return -EINVAL; return -EINVAL;
} }
if (ipc_pipe->type != COMP_TYPE_PIPELINE) {
tr_err(&ipc_tr, "ipc_pipeline_complete(): component %d not pipeline (type %d)",
ipc_pipe->id, ipc_pipe->type);
return -EINVAL;
}
/* check core */ /* check core */
if (!cpu_is_me(ipc_pipe->core)) if (!cpu_is_me(ipc_pipe->core))
return ipc_process_on_core(ipc_pipe->core, false); return ipc_process_on_core(ipc_pipe->core, false);