Skip to content

Commit

Permalink
fix: comp_dev: initialize buffer lists to prevent NULL dereference
Browse files Browse the repository at this point in the history
This patch addresses a NULL dereference issue in the SOF firmware that
was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP
ACE30. The change prevents mapping of the 0x0 address, which helps catch
NULL pointer accesses.

The issue was identified during testing, where an exception occurred due
to uninitialized buffer lists in the `comp_dev` structure. The
`list_init` function is called in `comp_new()` (for both IPC3 and IPC4),
but a NULL dereference can happen in the component `ops->create()`
function, which is called before the list is initialized. One affected
component is IPC4 `copier_ipcgtw`.

To fix this, the `bsink_list` and `bsource_list` are now initialized in
the `comp_alloc` function. This ensures that the lists point to
themselves before any use, preventing NULL dereference and subsequent
exceptions.

Link: #9687

Signed-off-by: Tomasz Leman <[email protected]>
  • Loading branch information
tmleman committed Nov 28, 2024
1 parent 40ed1e2 commit 5f5588c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/include/sof/audio/component.h
Original file line number Diff line number Diff line change
Expand Up @@ -764,6 +764,8 @@ static inline struct comp_dev *comp_alloc(const struct comp_driver *drv,
dev->size = bytes;
dev->drv = drv;
dev->state = COMP_STATE_INIT;
list_init(&dev->bsink_list);
list_init(&dev->bsource_list);
memcpy_s(&dev->tctx, sizeof(struct tr_ctx),
trace_comp_drv_get_tr_ctx(dev->drv), sizeof(struct tr_ctx));

Expand Down

0 comments on commit 5f5588c

Please sign in to comment.