audio: module_adapter_ipc4: add range check to module_get_large_config()#10875
audio: module_adapter_ipc4: add range check to module_get_large_config()#10875kv2019i wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR hardens IPC4 large configuration reads by validating a host-supplied offset in module_get_large_config() to prevent an unsigned underflow when calculating the final fragment size.
Changes:
- Add a range check rejecting
*data_offset_sizevalues that exceedmd->cfg.sizefor the last fragment in multi-block GET. - Improve control flow clarity in the multi-block/last-block branch by adding braces and a defensive error return.
|
@kv2019i can you checking in with QB CI, Ive restarted the GH actions. |
| * field) and both operands are unsigned, so reject an offset | ||
| * past the config size to avoid the subtraction underflowing | ||
| * into a huge fragment_size passed to get_configuration(). | ||
| */ |
There was a problem hiding this comment.
Is such a long comment really needed for such a simple and self-explanatory check?
Save tokens wherever you are! 😎
There was a problem hiding this comment.
I personally removed those copilot added comments. If we explain every line of code with such detailed comments, the code becomes unreadable.
There was a problem hiding this comment.
I kept the verbose comment here as these get_set configs deserve more attention. But ack, maybe this is too much. Will remove in next revision.
| * field) and both operands are unsigned, so reject an offset | ||
| * past the config size to avoid the subtraction underflowing | ||
| * into a huge fragment_size passed to get_configuration(). | ||
| */ |
There was a problem hiding this comment.
I personally removed those copilot added comments. If we explain every line of code with such detailed comments, the code becomes unreadable.
In a multi-block get case, if the host sends data_off_size > md->cfg.size, the calculation of the last fragment size is incorrect if a sufficiently large value is passed. Add validation to catch this case and return an error data_off_size is too large. Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
kv2019i
force-pushed
the
202606-module-adapt-largeconfig-fix
branch
from
9f39959 to
d31bf48
Compare
|
V2:
|
In a multi-block get case, if the host sends data_off_size > md->cfg.size, the calculation of the last fragment size is incorrect if a sufficiently large value is passed.
Add validation to catch this case and return an error data_off_size is too large.