From 54bb3e4d01f806af62dbd6c8673408788e5e9d72 Mon Sep 17 00:00:00 2001
From: Curtis Malainey <cujomalainey@chromium.org>
Date: Tue, 3 Sep 2024 16:27:30 -0700
Subject: [PATCH] ipc3: move pointer assignments to after validation

UBSAN is complaining about the pointers being overflown given we haven't
checked the parameters. Move it behind the code that protects this to
satisfy the sanitizer.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
---
 src/ipc/ipc3/handler.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/ipc/ipc3/handler.c b/src/ipc/ipc3/handler.c
index d85f8596caf2..4349c9606253 100644
--- a/src/ipc/ipc3/handler.c
+++ b/src/ipc/ipc3/handler.c
@@ -904,8 +904,6 @@ static int ipc_trace_filter_update(uint32_t header)
 	int cnt;
 
 	packet = ipc->comp_data;
-	elem = packet->elems;
-	end = &packet->elems[packet->elem_cnt];
 
 	/* validation, packet->hdr.size has already been compared with SOF_IPC_MSG_MAX_SIZE */
 	if (sizeof(*packet) + sizeof(*elem) * packet->elem_cnt != packet->hdr.size) {
@@ -917,6 +915,9 @@ static int ipc_trace_filter_update(uint32_t header)
 	tr_info(&ipc_tr, "ipc: trace_filter_update received, size %d elems",
 		packet->elem_cnt);
 
+	elem = packet->elems;
+	end = &packet->elems[packet->elem_cnt];
+
 	/* read each filter set and update selected components trace settings */
 	while (elem != end) {
 		next_elem = trace_filter_fill(elem, end, &filter);