From d9bef486d268889a38ea5ba1632d0b2ef9834a30 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Thu, 28 Nov 2024 14:51:14 +0100 Subject: [PATCH] audio: kpb: fix potential NULL pointer dereference in device list reset This patch addresses a potential NULL pointer dereference issue in the `devicelist_reset` function within the Key Phrase Buffer (KPB) component. The issue was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30, which now catches NULL pointer accesses. The `devicelist_reset` function previously iterated over the entire `DEVICE_LIST_SIZE` when clearing items and zeroing pointers, which could lead to dereferencing NULL pointers. The fix involves iterating only up to `devlist->count` to ensure that only valid pointers are accessed. This change prevents potential NULL pointer dereference and ensures the stability of the KPB component. Link: https://github.com/thesofproject/sof/issues/9687 Signed-off-by: Tomasz Leman --- src/audio/kpb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/audio/kpb.c b/src/audio/kpb.c index 2141cc8ac1d5..064b3acddb45 100644 --- a/src/audio/kpb.c +++ b/src/audio/kpb.c @@ -2405,11 +2405,11 @@ static void devicelist_reset(struct device_list *devlist, bool remove_items) { /* clear items */ if (remove_items) { - for (int i = 0; i < DEVICE_LIST_SIZE; i++) + for (int i = 0; i < devlist->count; i++) *devlist->devs[i] = NULL; } /* zero the pointers */ - for (int i = 0; i < DEVICE_LIST_SIZE; i++) + for (int i = 0; i < devlist->count; i++) devlist->devs[i] = NULL; devlist->count = 0;
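
Review bot: in the "zero the pointers" loop, `devlist->devs[i] = NULL` only writes the slot and never dereferences it, so bounding that loop by `devlist->count` is not needed for the NULL fix. It also means any slot at or above `count` is no longer cleared by a reset. Consider keeping `DEVICE_LIST_SIZE` for that loop and changing only the "clear items" loop, where `*devlist->devs[i] = NULL` is the actual dereference. In the "clear items" loop, both indexing and the dereference now depend entirely on `count` being accurate: nothing visible here checks that `devlist->count` is at most `DEVICE_LIST_SIZE`, or that every slot below `count` is non-NULL. A guard such as `if (devlist->devs[i])` before the store, plus a clamp or assert on `count`, would keep the reset safe even if the list is in an inconsistent state. If `count` is an unsigned type, `int i` also introduces a signed/unsigned comparison, so matching the index type to `count` is worth doing.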