On Thu, Apr 21, 2016 at 05:07:13PM +0100, Mark Brown wrote: > On Thu, Apr 21, 2016 at 11:45:23AM +0530, Vinod Koul wrote: > > > + num_entry = adsp_hdr->num_module_entries; > > + > > + tbl = devm_kzalloc(ctx->dev, > > + num_entry * sizeof(struct uuid_tbl), GFP_KERNEL); > > + > > + if (!tbl) > > + return -ENOMEM; > > I'm still not seeing any bounds checking to make sure we don't read > beyond the end of the firmware file. Since we are using adsp_hdr->num_module_entrie for parsing technically we should not go beyond. But yes if the file goes bad then we might have an issue, we will add check for that Thanks -- ~Vinod
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
