Commit 73a17ae
pipeline: graph: Check if source_comp is NULL in pipeline_comp_reset()
The fuzzer engine has produced a crash caused by a NULL pointer read
that originated from ipc3 ipc_stream_pcm_free(). The crash happens
when the pipeline of the found comp_dev does not have a
source_comp and pipeline_reset() is called for it. This commit
adds a check to pipeline_comp_test() for this situation and bails
out if it is found.
Here is the call stack from the situation:
#0 0x81e9317 in dev_comp_pipe_id sof/sof/src/include/sof/audio/component.h:646:25
#1 0x81e8015 in pipeline_comp_reset sof/sof/src/audio/pipeline/pipeline-graph.c:326:22
#2 0x81e7d1d in pipeline_reset sof/sof/src/audio/pipeline/pipeline-graph.c:393:8
#3 0x820d7ea in ipc_stream_pcm_free sof/sof/src/ipc/ipc3/handler.c:398:8
#4 0x8208969 in ipc_cmd sof/sof/src/ipc/ipc3/handler.c:1689:9
#5 0x81cbed8 in ipc_platform_do_cmd sof/sof/src/platform/posix/ipc.c:162:2
#6 0x81d10db in ipc_do_cmd sof/sof/src/ipc/ipc-common.c:330:9
#7 0x81f87e9 in task_run sof/sof/zephyr/include/rtos/task.h:94:9
#8 0x81f8308 in edf_work_handler sof/sof/zephyr/edf_schedule.c:31:16
#9 0x82b4b32 in work_queue_main sof/zephyr/kernel/work.c:668:3
#10 0x8193ec2 in z_thread_entry sof/zephyr/lib/os/thread_entry.c:36:2
#11 0x815f639 in __asan::AsanThread::ThreadStart(unsigned long long) /src/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277:25
Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
1 parent 8ba3528 commit 73a17ae
1 file changed, +8 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
321 | 321 | | |
322 | 322 | | |
323 | 323 | | |
324 | | - | |
325 | 324 | | |
| 325 | + | |
326 | 326 | | |
327 | 327 | | |
328 | 328 | | |
329 | 329 | | |
330 | 330 | | |
| 331 | + | |
| 332 | + | |
| 333 | + | |
| 334 | + | |
| 335 | + | |
| 336 | + | |
| 337 | + | |
331 | 338 | | |
332 | 339 | | |
333 | 340 | | |
| |||
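Review bot: The message body says the check is added to pipeline_comp_test(), while the subject line and frame #1 of the stack trace both name pipeline_comp_reset() in pipeline-graph.c, so the body should name the same function as the subject. The hunk spans old lines 321-333 with 8 additions and 1 removal, but the message only says the function "bails out"; it should state what pipeline_comp_reset() returns when source_comp is NULL, because the trace shows the value propagating through pipeline_reset() to ipc_stream_pcm_free() in the ipc3 handler, and the IPC caller needs a defined result for this fuzzer-reachable input.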