summaryrefslogtreecommitdiff
path: root/include/linux/stackprotector.h
diff options
context:
space:
mode:
authorPeter Ujfalusi <peter.ujfalusi@linux.intel.com>2026-06-09 11:34:55 +0300
committerMark Brown <broonie@kernel.org>2026-06-09 20:41:11 +0300
commit8791977d7289f6e9d2b014f60a5455f053a7bc04 (patch)
tree30b68d3cd19de2fd0effb814721e4edb890cb84a /include/linux/stackprotector.h
parent5bdfeccb7fbf6e000fc783cd8412732e67c1ad0c (diff)
downloadlinux-8791977d7289f6e9d2b014f60a5455f053a7bc04.tar.xz
ASoC: SOF: ipc3-control: Use overflow checks in control_update size calc
In sof_ipc3_control_update(), the expected_size calculation uses firmware-provided cdata->num_elems in arithmetic that could overflow on 32-bit platforms, wrapping to a small value. This would allow the cdata->rhdr.hdr.size comparison to pass with mismatched sizes, potentially leading to out-of-bounds access in snd_sof_update_control. Use check_mul_overflow() and check_add_overflow() to detect and reject overflowed size calculations. Fixes: 10f461d79c2d ("ASoC: SOF: Add IPC3 topology control ops") Cc: stable@vger.kernel.org Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood@intel.com> Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com> Link: https://patch.msgid.link/20260609083458.31193-4-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie@kernel.org>
Diffstat (limited to 'include/linux/stackprotector.h')
0 files changed, 0 insertions, 0 deletions