audio: selector: fix init pointers

[cujomalainey]

Selector has been broken since its last init migration as the memcpy passes in the first byte of data rather than the pointer to the data.

Fixes: 141efbd ("ipc4: convert selector to use the new module interface")
Fixes: oss-fuzz:59343

[cujomalainey]

This also suggests that our stub testing could go a bit further and actually initialize the components.

[lyakh]

I think the current code is correct. The commit is copying an address of the .data member of struct ipc_process, which doesn't look correct to me

[cujomalainey]

I think the current code is correct. The commit is copying an address of the .data member of struct ipc_process, which doesn't look correct to me

Hmm, actually the changes appear to resolve to the same value in gcc and clang on macos, but when I was testing in the fuzzer environment (clang) on my linux machine I was getting values [0,255] which suggested it was dereferencing the pointer.

I'll rerun this when I am back in the office, i hope its not another hole in the C spec like integer promotion.

#include <inttypes.h>
#include <stdio.h>

struct test {
        size_t size;
        uint8_t data[];
};

int main() {
        uint8_t buf[sizeof(struct test) + 1] = {0xff};
        struct test *ptr = (struct test*)buf;

        printf("ptr: %p, ptr->data: %p, &ptr->data: %p\n", ptr, ptr->data, &ptr->data);
        return 0;
}

ptr: 0x7ff7b81260df, ptr->data: 0x7ff7b81260e7, &ptr->data: 0x7ff7b81260e7

[lyakh]

Hmm, actually the changes appear to resolve to the same value in gcc and clang on macos, but when I was testing in the fuzzer environment (clang) on my linux machine I was getting values [0,255] which suggested it was dereferencing the pointer.

@cujomalainey I cannot imaging how this can be correct. In your test code - yes, it's correct, because you have an array there. However .data in

sof/src/include/sof/audio/ipc-config.h

Line 141 in 3c0eb1a

const unsigned char *data;

is a pointer. In int x[2]; x and &x will have the same value. But in int *x = &i; they will have different values. x will return its contents, i.e. address of i, whereas &x will return address of the x variable. Same when that pointer is inside a structure. So if you were getting wrong values it means, that ipc_process->data contained an invalid value, not representing a pointer to data.

[cujomalainey]

ah yes you are right i had the types confused, hmm this is interesting as I was certain I traced the path to correct for making sure data was valid. Thanks for catching the error. I will have to debug this further. Let me know if you want to take a look, i can give you the test case.