On Fri, 14 Jun 2024 06:05:54 +0200, Baojun Xu wrote:
> +static struct tasdevice_config_info *tasdevice_add_config( > + struct tasdevice_priv *tas_priv, unsigned char *config_data, > + unsigned int config_size, int *status) > +{ (snip) > + /* > + * convert data[offset], data[offset + 1], data[offset + 2] and > + * data[offset + 3] into host > + */ > + cfg_info->nblocks = get_unaligned_be32(&config_data[config_offset]); > + config_offset += 4; > + > + /* > + * Several kinds of dsp/algorithm firmwares can run on tas2781, > + * the number and size of blk are not fixed and different among > + * these firmwares. > + */ > + bk_da = cfg_info->blk_data = kcalloc(cfg_info->nblocks, > + sizeof(*bk_da), GFP_KERNEL);

So the allocation size relies on the firmware data content, and it can be practically any value. It'd be safer to have some sanity check for avoiding the allocation of too large pages. Ditto for other allocations in this code; you should never trust the firmware binary.

Also, in general, the comments are missing for functions in tas2781_spi_fwlib.c completely. A brief comment for each function would be helpful for readers.

thanks,

Takashi
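
Review bot: In the lines shown, `cfg_info->nblocks` goes from `get_unaligned_be32(&config_data[config_offset])` straight into `kcalloc()` with no upper bound, and nothing visible confirms that `config_offset + 4` is still within `config_size` before the 4-byte read. Suggest checking the remaining length before the read and rejecting an `nblocks` larger than what `config_size - config_offset` could hold, setting `*status` and returning on failure. A short comment above `tasdevice_add_config()` describing the expected layout of `config_data` would also help readers.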
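
The sanity check asked for in the reply above, as an added user-space C example that is not code from the patch or the driver. The record layout, `REC_BYTES`, `MAX_RECS` and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed toy layout (not the tas2781 format): a big-endian u32 record
 * count, then that many 8-byte records of two big-endian u32 fields. */
#define REC_BYTES  8u
#define MAX_RECS   1024u	/* assumed policy cap, independent of file size */

struct rec { uint32_t type, len; };

static uint32_t be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the record count (> 0) and sets *out, or a negative errno. */
static long parse_recs(const unsigned char *d, size_t size, struct rec **out)
{
	uint32_t n, i;

	*out = NULL;
	if (size < 4)			/* the count field must be in bounds */
		return -EINVAL;
	n = be32(d);
	/* Bound the untrusted count by policy and by the bytes that are
	 * actually left, before it ever reaches the allocator. */
	if (n == 0 || n > MAX_RECS || n > (size - 4) / REC_BYTES)
		return -EINVAL;
	*out = calloc(n, sizeof(**out));
	if (!*out)
		return -ENOMEM;
	for (i = 0; i < n; i++) {
		(*out)[i].type = be32(d + 4 + i * REC_BYTES);
		(*out)[i].len = be32(d + 8 + i * REC_BYTES);
	}
	return n;
}

/* Constructed samples: a valid 2-record blob and one claiming 2^32-1 records. */
static const unsigned char good[] = { 0,0,0,2, 0,0,0,1, 0,0,0,16, 0,0,0,2, 0,0,0,32 };
static const unsigned char huge[] = { 0xff,0xff,0xff,0xff, 0,0,0,1, 0,0,0,16 };

/* Parse, free, and report the result so callers can compare outcomes. */
static long try_blob(const unsigned char *d, size_t size)
{
	struct rec *r;
	long rc = parse_recs(d, size, &r);

	free(r);
	return rc;
}
```

Bounding the count by the bytes remaining also rejects a truncated file whose count is otherwise plausible, which a fixed cap alone would not catch.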