audio: data_blob: reject first_block while transfer in progress

ipc4_comp_data_blob_set() had no busy check, so a new
first_block received mid-transfer skipped reallocation but still
updated new_data_size, defeating the memcpy_s bound and allowing
a host-controlled heap overflow. Reject it with -EBUSY,
mirroring comp_data_blob_set() and comp_data_blob_set_cmd().

Signed-off-by: Adrian Bonislawski <adrian.bonislawski@intel.com>

Author: abonislawski

src/audio/data_blob.c

@@ -330,6 +330,14 @@ int ipc4_comp_data_blob_set(struct comp_data_blob_handler *blob_handler,
 		 "data_offset = %d",
 		 data_offset);
 
+	/* Reject a new first_block mid-transfer: reusing stale data_new while
+	 * overwriting new_data_size defeats the memcpy_s bound (heap overflow).
+	 */
+	if (blob_handler->data_new && first_block) {
+		comp_err(blob_handler->dev, "busy with previous request");
+		return -EBUSY;
+	}
+
 	/* in case when the current package is the first, we should allocate
 	 * memory for whole model data
 	 */