> -----Original Message----- > From: Mark Brown <broonie@xxxxxxxxxx> > Sent: Wednesday, June 3, 2020 4:04 AM > To: Takashi Iwai <tiwai@xxxxxxx> > Cc: alsa-devel@xxxxxxxxxxxxxxxx; Liam Girdwood <lgirdwood@xxxxxxxxx>; > Steve Lee <SteveS.Lee@xxxxxxxxxxxxxxxxxxx> > Subject: Re: [GIT PULL] ASoC updates for v5.8 > > On Tue, Jun 02, 2020 at 06:42:25PM +0200, Takashi Iwai wrote: > > > But, looking more at the code around that line, I could spot many > > other bugs. You cannot trust the firmware file and you must check the > > size. The current code can trigger out-of-bound accesses and crash > > very easily when a malformed firmware file is tossed; e.g. just put an > > empty file (or a huge file) as dsm_param.bin. > > Yeah, it's not great - the potential impact is limited by regmap which will bounds > check attempts to write beyond the last register (though now I look again we're > using unsigned values so we should definitely be limiting the lower size) but it > would be better to limit it to just the registers that should be being configured. > Possibly even just to one valid file length if it's always all the same registers > being configured. > > Steve? Thanks for suggest in detail. I will update as limiting size as prevent potential risk.
