ipc-helper.c: reject invalid SOF_MEM_CAPS_* bits

Fixes lack of SOF_MEM_CAPS_* input validation found in thesofproject#8832

Signed-off-by: Marc Herbert <marc.herbert@intel.com>

src/include/ipc/topology.h

@@ -87,6 +87,12 @@ struct sof_ipc_comp {
 #define SOF_MEM_CAPS_EXEC		BIT(7) /**< executable */
 #define SOF_MEM_CAPS_L3			BIT(8) /**< L3 memory */
 
+#ifdef CONFIG_L3_HEAD
+#define SOF_MEM_CAPS_MAX_BIT		BIT(8) /**< Used for input validation */
+#else
+#define SOF_MEM_CAPS_MAX_BIT		BIT(9) /**< Used for input validation */
+#endif
+
 /*
  * overrun will cause ring buffer overwrite, instead of XRUN.
  */

src/ipc/ipc-helper.c

@@ -36,13 +36,28 @@
 
 LOG_MODULE_DECLARE(ipc, CONFIG_SOF_LOG_LEVEL);
 
+static bool valid_ipc_buffer_desc(const struct sof_ipc_buffer *desc)
+{
+	if (desc->flags >= SOF_MEM_CAPS_MAX_BIT)
+		return false;
+
+	/* FIXME: check desc->size and maybe other things */
+	return true;
+}
+
 /* create a new component in the pipeline */
 struct comp_buffer *buffer_new(const struct sof_ipc_buffer *desc, bool is_shared)
 {
 	struct comp_buffer *buffer;
 
-	tr_info(&buffer_tr, "buffer new size 0x%x id %d.%d flags 0x%x",
-		desc->size, desc->comp.pipeline_id, desc->comp.id, desc->flags);
+	if (valid_ipc_buffer_desc(desc)) {
+		tr_info(&buffer_tr, "buffer new size 0x%x id %d.%d flags 0x%x",
+			desc->size, desc->comp.pipeline_id, desc->comp.id, desc->flags);
+	} else {
+		tr_err(&buffer_tr, "Invalid buffer desc! New size 0x%x id %d.%d flags 0x%x",
+		       desc->size, desc->comp.pipeline_id, desc->comp.id, desc->flags);
+		return NULL;
+	}
 
 	/* allocate buffer */
 	buffer = buffer_alloc(desc->size, desc->caps, desc->flags, PLATFORM_DCACHE_ALIGN,

src/ipc/ipc3/handler.c

@@ -76,6 +76,7 @@ LOG_MODULE_DECLARE(ipc, CONFIG_SOF_LOG_LEVEL);
 #define iGS(x) ((x) & SOF_GLB_TYPE_MASK)
 #define iCS(x) ((x) & SOF_CMD_TYPE_MASK)
 
+/* FIXME: assert() should be turned off in production builds */
 #define _IPC_COPY_CMD(rx, tx, rx_size)					\
 	do {								\
 		int ___ret;						\