ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work()

Here hdr is a pointer, and we should measure the size of
struct sof_ipc_cmd_hdr.

Fixes: 12c41c779fad ("ASoC: SOF: Refactor rx function for fuzzing")
Signed-off-by: Xia Fukun <xiafukun@huawei.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230807075118.128122-1-xiafukun@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>

diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c
index 2c5aac31e8b0712ec05ef46724d14e7414fede02..580960ff273d1c3ea940e4db474cd17291806624 100644 (file)
--- a/sound/soc/sof/ipc3.c
+++ b/sound/soc/sof/ipc3.c
@@ -1001,7 +1001,7 @@ void sof_ipc3_do_rx_work(struct snd_sof_dev *sdev, struct sof_ipc_cmd_hdr *hdr,
 
        ipc3_log_header(sdev->dev, "ipc rx", hdr->cmd);
 
-       if (hdr->size < sizeof(hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
+       if (hdr->size < sizeof(*hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
                dev_err(sdev->dev, "The received message size is invalid: %u\n",
                        hdr->size);
                return;