From cae0d0a281aadd73c3906fade5018f0c0b40f808 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Thu, 28 Nov 2024 11:47:00 +0100 Subject: [PATCH] fix: comp_dev: initialize buffer lists to prevent NULL dereference This patch addresses a NULL dereference issue in the SOF firmware that was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30. The change prevents mapping of the 0x0 address, which helps catch NULL pointer accesses. The issue was identified during testing, where an exception occurred due to uninitialized buffer lists in the `comp_dev` structure. The `list_init` function is called in `comp_new()` (for both IPC3 and IPC4), but a NULL dereference can happen in the component `ops->create()` function, which is called before the list is initialized. One affected component is IPC4 `copier_ipcgtw`. To fix this, the `bsink_list` and `bsource_list` are now initialized in the `comp_alloc` function. This ensures that the lists point to themselves before any use, preventing NULL dereference and subsequent exceptions. Link: https://github.com/thesofproject/sof/issues/9687 Signed-off-by: Tomasz Leman (cherry picked from commit 5f5588c655087086c7003be2a139971c6acf34fa) --- src/include/sof/audio/component.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/include/sof/audio/component.h b/src/include/sof/audio/component.h index e429e9cbe07d..03f37ac884ad 100644 --- a/src/include/sof/audio/component.h +++ b/src/include/sof/audio/component.h @@ -764,6 +764,8 @@ static inline struct comp_dev *comp_alloc(const struct comp_driver *drv, dev->size = bytes; dev->drv = drv; dev->state = COMP_STATE_INIT; + list_init(&dev->bsink_list); + list_init(&dev->bsource_list); memcpy_s(&dev->tctx, sizeof(struct tr_ctx), trace_comp_drv_get_tr_ctx(dev->drv), sizeof(struct tr_ctx));
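Review bot: In the comp_alloc() hunk, the two added list_init() calls duplicate the initialization that the commit message says still happens in comp_new() after ops->create(), and the diffstat (component.h only, 2 insertions) shows those later calls are left in place. Once create() can rely on valid list heads, a second list_init() on dev->bsink_list or dev->bsource_list in comp_new() would reset the head and silently drop anything a create() implementation had linked in. Consider removing the comp_new() initialization for both IPC3 and IPC4 in this same change, or stating in the message why it is safe to keep. A one-line comment above the new calls saying the lists must be valid before ops->create() runs would also keep a later cleanup from moving them back.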