Date: Wed, 27 Apr 2022 15:55:17 +0900
From: Sergey Senozhatsky <senozhatsky@...omium.org>
To: Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>
Cc: Péter Ujfalusi <peter.ujfalusi@...ux.intel.com>,
	Sergey Senozhatsky <senozhatsky@...omium.org>,
	Liam Girdwood <liam.r.girdwood@...ux.intel.com>,
	Ranjani Sridharan <ranjani.sridharan@...ux.intel.com>,
	Kai Vehmanen <kai.vehmanen@...ux.intel.com>,
	Jaska Uimonen <jaska.uimonen@...ux.intel.com>,
	alsa-devel@...a-project.org, Takashi Iwai <tiwai@...e.com>,
	linux-kernel@...r.kernel.org, Tomasz Figa <tfiga@...omium.org>,
	Mark Brown <broonie@...nel.org>,
	Ricardo Ribalda <ribalda@...omium.org>,
	sound-open-firmware@...a-project.org
Subject: Re: out-of-bounds access in sound/soc/sof/topology.c

On (22/04/19 08:07), Pierre-Louis Bossart wrote:
> > Your analyses are spot on, unfortunately. But...
> >
> > As of today, the sof_get_control_data() is in the call path of
> > (ipc3-topology.c):
> >
> > sof_widget_update_ipc_comp_process() -> sof_process_load() ->
> > sof_get_control_data()
> >
> > sof_widget_update_ipc_comp_process() is the ipc_setup callback for
> > snd_soc_dapm_effect. If I'm not mistaken these only carry bin payload
> > and never MIXER/ENUM/SWITCH/VOLUME.
> > This means that the sof_get_control_data() is only called with
> > SND_SOC_TPLG_TYPE_BYTES and for that the allocated data area is correct.
> >
> > This can explain why we have not seen any issues so far. This does not
> > render the code right, as how it is written atm is wrong.
> >
> Sergey's results with KASAN show that there's a real-life problem though. I also don't understand how that might happen.
>
> Could it be that these results are with a specific topology where our assumptions are incorrect?

Is there anything I can do to help?