ASoC: SOF: ipc-msg-injector: Cap the rmaining to count in IPC4 mode - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Peter Ujfalusi <[email protected]>	2022-05-16 12:24:42 +0300
committer	Mark Brown <[email protected]>	2022-05-17 11:58:11 +0100
commit	c5003f08fe671fb1f18bca07e589c5cffeccbc9b (patch)
tree	b5135b98c552761d574d121b2e3341c261f9f340 /lib/test_fortify/write_overflow-strlcpy-src.c
parent	dba2d5ae4cb03ef4ca8a82ce8d81e54b75cf4165 (diff)

ASoC: SOF: ipc-msg-injector: Cap the rmaining to count in IPC4 mode

If user space provides smaller buffer than the IPC4 reply then it is possible that we corrupt user space memory since the IPC4 dfs_read function is not using the count directly in copy_to_user() due to the nature of an IPC4 message. Cap the remaining counter to make sure that we are not writing too much to the user space provided buffer. Add a check also to make sure that the buffer is at least the size of the IPC4 header. Fixes: 066c67624d8c: "ASoC: SOF: ipc-msg-injector: Add support for IPC4 messages" Reported-by: Dan Carpenter <[email protected]> Signed-off-by: Peter Ujfalusi <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown <[email protected]>

Diffstat (limited to 'lib/test_fortify/write_overflow-strlcpy-src.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: