Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / third_party / sound-open-firmware / refs/heads/upstream/acp-topo
commit4de66271ecbdefeee86ece09643e76fa8091acba[log] [tgz]
authorCurtis Malainey <cujomalainey@chromium.org>Tue Sep 14 16:39:14 2021 -0700
committerLiam Girdwood <lgirdwood@gmail.com>Mon Sep 20 11:12:34 2021 +0100
tree21d7d3d5c415fc0bddd78ef512c173702ebe8d31
parent853c0a79080c76c0b9d0f8170ed897f11335ebd3 [diff]
ipc: check type before freeing

When freeing we currently implicitly are trusting the ID to match the
type specified in the message. From a security standpoint this is wrong,
never trust the other side. This is the likely cause of how the fuzzer
is leaking memory in pipelines since they have additional allocations
that are not freed when they are treated as a buffer or a component.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
2 files changed
tree: 21d7d3d5c415fc0bddd78ef512c173702ebe8d31
  1. .github/
  2. doc/
  3. installer/
  4. keys/
  5. scripts/
  6. smex/
  7. src/
  8. test/
  9. tools/
  10. zephyr/
  11. rimage
  12. .gitignore
  13. .gitmodules
  14. .travis.yml
  15. CMakeLists.txt
  16. CODEOWNERS
  17. Kconfig
  18. Kconfig.sof
  19. Kconfig.xtos-build
  20. Kconfig.xtos-dbg
  21. LICENCE
  22. README.md
README.md

Sound Open Firmware

Status

GitHub Actions Build Status Gitter chat

Documentation

See docs

Running the tests

See unit testing documentation

Deployment

TODO: Add additional notes about how to deploy this on a live system

Contributing

See Contributing to the Project

License

This project is licensed under the BSD Clause 3 - see the LICENCE file for details