igo_nr: validate config blob size before copy

A new configuration blob was copied into the component state as a
fixed-size structure without checking the blob was large enough, reading
past the allocation for a short blob. Request the blob size and reject
one smaller than the configuration structure.

Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>

Author: lrgirdwo

src/audio/igo_nr/igo_nr.c

@@ -720,13 +720,26 @@ static void igo_nr_print_config(struct processing_module *mod)
 static void igo_nr_set_igo_params(struct processing_module *mod)
 {
 	struct comp_data *cd = module_get_private_data(mod);
-	struct sof_igo_nr_config *p_config = comp_get_data_blob(cd->model_handler, NULL, NULL);
+	size_t config_size = 0;
+	struct sof_igo_nr_config *p_config = comp_get_data_blob(cd->model_handler,
+							       &config_size, NULL);
 	struct comp_dev *dev = mod->dev;
 
 	comp_info(dev, "entry");
-	igo_nr_check_config_validity(dev, cd);
 
 	if (p_config) {
+		if (config_size < sizeof(cd->config)) {
+			comp_err(dev, "New config too small: %zu < %zu",
+				 config_size, sizeof(cd->config));
+			return;
+		}
+		/* validate the incoming blob and only apply it if it passes;
+		 * igo_nr_check_config_validity() re-reads the new blob
+		 */
+		if (igo_nr_check_config_validity(dev, cd) < 0) {
+			comp_err(dev, "New config failed validation, not applied");
+			return;
+		}
 		comp_info(dev, "New config detected.");
 		cd->config = *p_config;
 		igo_nr_print_config(mod);