From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 72FCEC32772 for ; Tue, 23 Aug 2022 09:43:57 +0000 (UTC) Received: from alsa1.perex.cz (alsa1.perex.cz [207.180.221.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa0.perex.cz (Postfix) with ESMTPS id D2B63850; Tue, 23 Aug 2022 11:43:04 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa0.perex.cz D2B63850 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alsa-project.org; s=default; t=1661247834; bh=h6CWLqvVRXjQzjVwGf64vvc1NtiK5BwrrHRF8qaa67M=; h=Date:Subject:To:References:From:In-Reply-To:Cc:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=TDvI1wsNT+rykFtKswuZXYA0ZP7HaH0LySwl9jvlqVmkAXTtsn8i+fm4gv7ceYitb LOXmqwOQ8yQdeawhkoFicV2K5rI6Zx3xvKZXF1/wM6pEVrmrgmkn2QBOW5k50iJfSS gAwfN7O0a4Cc+Ucqe5TF9ppVcqzV7vmfdryx9kZI= Received: from alsa1.perex.cz (localhost.localdomain [127.0.0.1]) by alsa1.perex.cz (Postfix) with ESMTP id 4742AF8020D; Tue, 23 Aug 2022 11:43:04 +0200 (CEST) Received: by alsa1.perex.cz (Postfix, from userid 50401) id 69E74F8027B; Tue, 23 Aug 2022 11:43:02 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by alsa1.perex.cz (Postfix) with ESMTPS id B30A7F800A7 for ; Tue, 23 Aug 2022 11:42:53 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa1.perex.cz B30A7F800A7 Authentication-Results: alsa1.perex.cz; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="CzgYecBu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1661247780; x=1692783780; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=h6CWLqvVRXjQzjVwGf64vvc1NtiK5BwrrHRF8qaa67M=; b=CzgYecBu3U2wGJUUY86DxD71OJcE1C2U1vv+m0JojP34Xy7obbYC/+vg Ttd3IxBAJy2n9qVlZC9QhDxlRaDrl482hfquU6mPCG1BIqnvjWSJ9fmZi we1Qb2BptMZiR1Ad0ScU0caeKxslc5plOCrMrquUpX7Cha3iYVzQQke+7 SWPymhaYefJt1fJhzee+XjBhEE8eIegRsYpsB10EgA6/1rNy+9iHqNV47 xKR1EKGwvimjWKNJXalXoMUNAKt0a9uyC6plaehX8pFUw7qDsytFAs/89 a7XSt4dNOJ2gXp3j+lAdqWEJI7yp2JLnqM9rZ0cnuw+TqG+GOO85jO9fP w==; X-IronPort-AV: E=McAfee;i="6500,9779,10447"; a="294431352" X-IronPort-AV: E=Sophos;i="5.93,257,1654585200"; d="scan'208";a="294431352" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Aug 2022 02:42:42 -0700 X-IronPort-AV: E=Sophos;i="5.93,257,1654585200"; d="scan'208";a="609284389" Received: from pnystrom-mobl1.ger.corp.intel.com (HELO [10.252.50.219]) ([10.252.50.219]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Aug 2022 02:42:39 -0700 Message-ID: <47d5c5d7-5aaf-c554-a943-6059b38d2dcd@linux.intel.com> Date: Tue, 23 Aug 2022 10:41:28 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.11.0 Subject: Re: [PATCH 2/4] ALSA: hda: intel-nhlt: add intel_nhlt_ssp_mclk_mask() Content-Language: en-US To: Takashi Iwai References: <20220822185911.170440-1-pierre-louis.bossart@linux.intel.com> <20220822185911.170440-3-pierre-louis.bossart@linux.intel.com> <87zgfvqs1p.wl-tiwai@suse.de> From: Pierre-Louis Bossart In-Reply-To: <87zgfvqs1p.wl-tiwai@suse.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: alsa-devel@alsa-project.org, broonie@kernel.org, Bard Liao , Cezary Rojewski , Kai Vehmanen X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" Hi Takashi, >> +#define SSP_BLOB_V1_0_SIZE 84 >> +#define SSP_BLOB_V1_0_MDIVC_OFFSET 19 /* offset in u32 */ >> +#define SSP_BLOB_V1_5_SIZE 96 >> +#define SSP_BLOB_V1_5_MDIVC_OFFSET 21 /* offset in u32 */ > > This is 84 in bytes, which is equal with SSP_BLOB_V1_0_size. > So... > >> + for (j = 0; j < fmt->fmt_count; j++) { >> + u32 *blob; >> + int mdivc_offset; >> + >> + if (cfg->config.size >= SSP_BLOB_V1_0_SIZE) { >> + blob = (u32 *)cfg->config.caps; > > ... the size check is >= 84. If cfg->config.size==84, it may be an > out-of-bound read at blob[SSP_BLOB_V1_5_MDIVC_OFFSET]? > > I don't think this would really matter in practice, but it's better to > have a proper check, of course. The check was intended to be a minimal check but you're right that it doesn't cover the 1.5 case. it might make more sense to first make sure we have enough space to read the version and then check for an exact match between expected size and actual size before reading the mdivc value. Will fix, thanks for the feedback. -Pierre