Commit b6ecb8f
copier: fix queue ID extraction using correct IPC4 macro
Fix NULL pointer dereference crash in copier module by using the correct
IPC4 macro to extract queue IDs from buffer IDs.
The issue occurred in do_conversion_copy() and copier_module_copy() when
accessing cd->converter[i] where i was extracted using
IPC4_SINK_QUEUE_ID().
This was incorrect because buffer IDs are constructed as:
IPC4_COMP_ID(src_queue, dst_queue)
From the buffer's perspective, the copier's sink is actually the source,
so IPC4_SRC_QUEUE_ID() should be used to get the correct copier sink
index.
Using IPC4_SINK_QUEUE_ID() extracted the dst_queue (upper 16 bits)
instead of src_queue (lower 16 bits), leading to wrong array indices and
NULL pointer crashes when the converter array wasn't initialized for
those indices.
This resolves crashes in RTC AEC topologies where internal module
copiers have buffer IDs that map to non-zero queue IDs.
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>1 parent cea0631 commit b6ecb8f
1 file changed
+12
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
540 | 540 | | |
541 | 541 | | |
542 | 542 | | |
543 | | - | |
| 543 | + | |
| 544 | + | |
| 545 | + | |
| 546 | + | |
| 547 | + | |
| 548 | + | |
544 | 549 | | |
545 | 550 | | |
546 | 551 | | |
| |||
617 | 622 | | |
618 | 623 | | |
619 | 624 | | |
620 | | - | |
| 625 | + | |
| 626 | + | |
| 627 | + | |
| 628 | + | |
| 629 | + | |
| 630 | + | |
621 | 631 | | |
622 | 632 | | |
623 | 633 | | |
| |||
0 commit comments