On Thu, 04 Apr 2019 15:59:46 +0200,
Pierre-Louis Bossart wrote:
>
> >> +/* generic module parser for mmaped DSPs */
> >> +int snd_sof_parse_module_memcpy(struct snd_sof_dev *sdev,
> >> + struct snd_sof_mod_hdr *module)
> >> +{
> >> + struct snd_sof_blk_hdr *block;
> >> + int count;
> >> + u32 offset;
> >> + size_t remaining;
> >> +
> >> + dev_dbg(sdev->dev, "new module size 0x%x blocks 0x%x type 0x%x\n",
> >> + module->size, module->num_blocks, module->type);
> >> +
> >> + block = (struct snd_sof_blk_hdr *)((u8 *)module + sizeof(*module));
> >> +
> >> + /* module->size doesn't include header size */
> >> + remaining = module->size;
> >> + for (count = 0; count < module->num_blocks; count++) {
> >> + /* minus header size of block */
> >> + remaining -= sizeof(*block);
> >> + if (remaining < block->size) {
> >> + dev_err(sdev->dev, "error: not enough data remaining\n");
> >> + return -EINVAL;
> >> + }
> >
> > remaining is unsigned, so a negative check doesn't work here.
> > Hence you need the explicit underflow check.
>
> yes, probably need ssize_t here.
Be careful. If block->size is unsigned, the comparison is also done
as unsigned in the code above.
Takashi
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
