lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 14 Jun 2024 15:20:29 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Baojun Xu <baojun.xu@...com>
Cc: <robh+dt@...nel.org>,
	<andriy.shevchenko@...ux.intel.com>,
	<lgirdwood@...il.com>,
	<perex@...ex.cz>,
	<pierre-louis.bossart@...ux.intel.com>,
	<kevin-lu@...com>,
	<shenghao-ding@...com>,
	<navada@...com>,
	<13916275206@....com>,
	<v-hampiholi@...com>,
	<v-po@...com>,
	<niranjan.hy@...com>,
	<alsa-devel@...a-project.org>,
	<linux-kernel@...r.kernel.org>,
	<liam.r.girdwood@...el.com>,
	<yung-chuan.liao@...ux.intel.com>,
	<broonie@...nel.org>,
	<soyer@....hu>
Subject: Re: [PATCH v8] ALSA: hda/tas2781: Add tas2781 hda SPI driver

On Fri, 14 Jun 2024 06:05:54 +0200,
Baojun Xu wrote:
> +static struct tasdevice_config_info *tasdevice_add_config(
> +	struct tasdevice_priv *tas_priv, unsigned char *config_data,
> +	unsigned int config_size, int *status)
> +{
(snip)
> +	/*
> +	 * convert data[offset], data[offset + 1], data[offset + 2] and
> +	 * data[offset + 3] into host
> +	 */
> +	cfg_info->nblocks = get_unaligned_be32(&config_data[config_offset]);
> +	config_offset += 4;
> +
> +	/*
> +	 * Several kinds of dsp/algorithm firmwares can run on tas2781,
> +	 * the number and size of blk are not fixed and different among
> +	 * these firmwares.
> +	 */
> +	bk_da = cfg_info->blk_data = kcalloc(cfg_info->nblocks,
> +		sizeof(*bk_da), GFP_KERNEL);

So the allocation size relies on the firmware data content, and it can
practically any value.  It'd be safer to have some sanity check for
avoiding the allocation of too large pages.
Ditto for other allocations in this code; you should never trust the
firmware binary.

Also, in general, the comments are missing for functions in
tas2781_spi_fwlib.c completely.  A brief comment for each function
would be helpful for readers.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ