From 3421226c13f6660de4d035c3d9563abbd5d94862 Mon Sep 17 00:00:00 2001
From: Curtis Malainey
Date: Wed, 21 Oct 2020 20:42:06 -0700
Subject: [PATCH] abi: fix macro size overflow
ubsan found the following bug via oss-fuzz
/src/sof/src/ipc/handler.c:1385:9: runtime error: left shift of 15 by 28 places cannot be represented in type 'int'
This is caused by SOF_GLB_TYPE_MASK which has an implicit length of 15 (int16_t)
Signed-off-by: Curtis Malainey
---
 src/include/ipc/header.h | 4 ++--
 src/include/kernel/abi.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/include/ipc/header.h b/src/include/ipc/header.h
index 000e3134f03b..cff4b4a30d70 100644
--- a/src/include/ipc/header.h
+++ b/src/include/ipc/header.h
@@ -154,7 +154,7 @@
 /** Shift-left bits to extract the global cmd type */
 #define SOF_GLB_TYPE_SHIFT 28
-#define SOF_GLB_TYPE_MASK (0xf << SOF_GLB_TYPE_SHIFT)
+#define SOF_GLB_TYPE_MASK (0xfL << SOF_GLB_TYPE_SHIFT)
 #define SOF_GLB_TYPE(x) ((x) << SOF_GLB_TYPE_SHIFT)
 /** @} */
@@ -165,7 +165,7 @@
 /** Shift-left bits to extract the command type */
 #define SOF_CMD_TYPE_SHIFT 16
-#define SOF_CMD_TYPE_MASK (0xfff << SOF_CMD_TYPE_SHIFT)
+#define SOF_CMD_TYPE_MASK (0xfffL << SOF_CMD_TYPE_SHIFT)
 #define SOF_CMD_TYPE(x) ((x) << SOF_CMD_TYPE_SHIFT)
 /** @} */
diff --git a/src/include/kernel/abi.h b/src/include/kernel/abi.h
index 4eb01a563882..b5ef6fcf13e8 100644
--- a/src/include/kernel/abi.h
+++ b/src/include/kernel/abi.h
@@ -30,7 +30,7 @@
 /** \brief SOF ABI version major, minor and patch numbers */
 #define SOF_ABI_MAJOR 3
 #define SOF_ABI_MINOR 18
-#define SOF_ABI_PATCH 0
+#define SOF_ABI_PATCH 1
 /** \brief SOF ABI version number. Format within 32bit word is MMmmmppp */
 #define SOF_ABI_MAJOR_SHIFT 24
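Review bot: The `L` suffix on `SOF_GLB_TYPE_MASK` in the first header.h hunk (-154) removes the overflow only where `long` is wider than 32 bits; on a build with a 32-bit `long`, `0xfL << 28` still shifts a set bit into the sign position of a signed type, which is the same undefined behaviour UBSan reported for `int`. An unsigned constant is well defined on every ABI and keeps the mask at 32 bits: `#define SOF_GLB_TYPE_MASK (0xfU << SOF_GLB_TYPE_SHIFT)`, and for consistency `(0xfffU << SOF_CMD_TYPE_SHIFT)` for `SOF_CMD_TYPE_MASK` in the -165 hunk, whose value 0x0fff0000 already fit in `int` before the change. The unchanged `SOF_GLB_TYPE(x)` macro next to it still shifts `(x)` in whatever type the caller supplies, so a plain `int` argument of 8 or more would overflow the same way; its callers are outside this patch, so that should be checked against the command definitions.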