From 0ab4441e74727db9e56b41b4d65555fbaa05d6b2 Mon Sep 17 00:00:00 2001
From: Curtis Malainey
Date: Tue, 10 Sep 2024 13:45:46 -0700
Subject: [PATCH] ipc3: check alignment of ext data
Sizes are not currently checked for alignment, this can generated unaligned pointers for aligned types which is undefined behaviour.
Signed-off-by: Curtis Malainey
---
 src/ipc/ipc3/helper.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/ipc/ipc3/helper.c b/src/ipc/ipc3/helper.c
index f75bb1446188..e86d7c25d94d 100644
--- a/src/ipc/ipc3/helper.c
+++ b/src/ipc/ipc3/helper.c
@@ -80,6 +80,7 @@ static const struct comp_driver *get_drv(struct sof_ipc_comp *comp)
 const struct comp_driver *drv = NULL;
 struct comp_driver_info *info;
 struct sof_ipc_comp_ext *comp_ext;
+ uintptr_t offset;
 k_spinlock_key_t key;
 /* do we have extended data ? */
@@ -112,9 +113,13 @@ static const struct comp_driver *get_drv(struct sof_ipc_comp *comp)
 goto out;
 }
- comp_ext = (struct sof_ipc_comp_ext *)
- ((uint8_t *)comp + comp->hdr.size -
- comp->ext_data_length);
+ offset = comp->hdr.size - comp->ext_data_length;
+ if ((offset & 0x3) != 0) {
+ tr_err(&comp_tr, "Invalid ext data offset %lx", offset);
+ goto out;
+ }
+
+ comp_ext = (struct sof_ipc_comp_ext *)((uint8_t *)comp + offset);
 /* UUID is first item in extended data - check its big enough */
 if (comp->ext_data_length < UUID_SIZE) {
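Review bot: The new alignment test in the second hunk, `(offset & 0x3) != 0`, checks only the offset against a hard-coded 4-byte mask, so it gives the intended guarantee only if `comp` itself is at least 4-byte aligned and `struct sof_ipc_comp_ext` needs no stricter alignment; a named constant or `_Alignof(struct sof_ipc_comp_ext)` with a short comment such as `/* comp is assumed word-aligned by the IPC mailbox; ext data must keep that alignment */` would make the assumption explicit. The subtraction `comp->hdr.size - comp->ext_data_length` depends on `hdr.size >= ext_data_length` having been validated in the code just above the hunk, which is only partly visible here; both fields presumably come from the host, and a wrapped result that happens to be 4-aligned would pass this check, so that ordering is worth confirming. The `tr_err()` call formats a `uintptr_t` with `%lx`, which matches only where `uintptr_t` is `unsigned long`; `tr_err(&comp_tr, "Invalid ext data offset %lx", (unsigned long)offset);` is portable. get_drv's body starts and ends outside both hunks.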