projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1f56643)
ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work()
authorXia Fukun <xiafukun@huawei.com>
Mon, 7 Aug 2023 07:51:18 +0000 (15:51 +0800)
committerMark Brown <broonie@kernel.org>
Mon, 7 Aug 2023 18:44:54 +0000 (19:44 +0100)
Here hdr is a pointer, and we should measure the size of
struct sof_ipc_cmd_hdr.

Fixes: 12c41c779fad ("ASoC: SOF: Refactor rx function for fuzzing")
Signed-off-by: Xia Fukun <xiafukun@huawei.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230807075118.128122-1-xiafukun@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/sof/ipc3.c patch | blob | history

diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c
index 2c5aac3..580960f 100644 (file)
--- a/sound/soc/sof/ipc3.c
+++ b/sound/soc/sof/ipc3.c
@@ -1001,7 +1001,7 @@ void sof_ipc3_do_rx_work(struct snd_sof_dev *sdev, struct sof_ipc_cmd_hdr *hdr,
 
        ipc3_log_header(sdev->dev, "ipc rx", hdr->cmd);
 
-       if (hdr->size < sizeof(hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
+       if (hdr->size < sizeof(*hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
                dev_err(sdev->dev, "The received message size is invalid: %u\n",
                        hdr->size);
                return;
Domain: System / Kernel;