]> www.infradead.org Git - users/hch/misc.git/commitdiff
projects / users / hch / misc.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dbda5c3)
ASoC: Intel: avs: Fix theoretical infinite loop
authorCezary Rojewski <cezary.rojewski@intel.com>
Thu, 9 Jan 2025 12:22:06 +0000 (13:22 +0100)
committerMark Brown <broonie@kernel.org>
Thu, 9 Jan 2025 12:14:18 +0000 (12:14 +0000)
While 'stack_dump_size' is a u32 bitfield of 16 bits, u32 has a bigger
upper bound than the type u16 of loop counter 'offset' what in theory
may lead to infinite loop condition.

Found out by Coverity static analyzer.

Fixes: c8c960c10971 ("ASoC: Intel: avs: APL-based platforms support")
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://patch.msgid.link/20250109122216.3667847-4-cezary.rojewski@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/intel/avs/apl.c patch | blob | history

diff --git a/sound/soc/intel/avs/apl.c b/sound/soc/intel/avs/apl.c
index 27516ef5718591858c87ced104663a2f35a80c7a..d443fe8d51aeeeb9192e661cde567940ae4792d2 100644 (file)
--- a/sound/soc/intel/avs/apl.c
+++ b/sound/soc/intel/avs/apl.c
@@ -125,7 +125,7 @@ int avs_apl_coredump(struct avs_dev *adev, union avs_notify_msg *msg)
        struct avs_apl_log_buffer_layout layout;
        void __iomem *addr, *buf;
        size_t dump_size;
-       u16 offset = 0;
+       u32 offset = 0;
        u8 *dump, *pos;
 
        dump_size = AVS_FW_REGS_SIZE + msg->ext.coredump.stack_dump_size;
Unnamed repository; edit this file 'description' to name the repository.