1 files changed, 17 insertions, 13 deletions

diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp
index c9ff7de3..9ca74be6 100644
--- a/src/libcamera/ipa_module.cpp
+++ b/src/libcamera/ipa_module.cpp
@@ -2,13 +2,12 @@
 /*
  * Copyright (C) 2019, Google Inc.
  *
- * ipa_module.cpp - Image Processing Algorithm module
+ * Image Processing Algorithm module
  */
 
 #include "libcamera/internal/ipa_module.h"
 
 #include <algorithm>
-#include <array>
 #include <ctype.h>
 #include <dlfcn.h>
 #include <elf.h>
@@ -51,8 +50,8 @@ typename std::remove_extent_t<T> *elfPointer(Span<const uint8_t> elf,
 	if (size > elf.size() || size < objSize)
 		return nullptr;
 
-	return reinterpret_cast<typename std::remove_extent_t<T> *>
-		(reinterpret_cast<const char *>(elf.data()) + offset);
+	return reinterpret_cast<typename std::remove_extent_t<T> *>(
+		reinterpret_cast<const char *>(elf.data()) + offset);
 }
 
 template<typename T>
@@ -225,9 +224,9 @@ Span<const uint8_t> elfLoadSymbol(Span<const uint8_t> elf, const char *symbol)
  * \brief The name of the IPA module
  *
  * The name may be used to build file system paths to IPA-specific resources.
- * It shall only contain printable characters, and may not contain '/', '*',
- * '?' or '\'. For IPA modules included in libcamera, it shall match the
- * directory of the IPA module in the source tree.
+ * It shall only contain printable characters, and may not contain '*', '?' or
+ * '\'. For IPA modules included in libcamera, it shall match the directory of
+ * the IPA module in the source tree.
  *
  * \todo Allow user to choose to isolate open source IPAs
  */
@@ -288,25 +287,30 @@ int IPAModule::loadIPAModuleInfo()
 	}
 
 	Span<const uint8_t> info = elfLoadSymbol(data, "ipaModuleInfo");
-	if (info.size() != sizeof(info_)) {
+	if (info.size() < sizeof(info_)) {
 		LOG(IPAModule, Error) << "IPA module has no valid info";
 		return -EINVAL;
 	}
 
-	memcpy(&info_, info.data(), info.size());
+	memcpy(&info_, info.data(), sizeof(info_));
 
 	if (info_.moduleAPIVersion != IPA_MODULE_API_VERSION) {
 		LOG(IPAModule, Error) << "IPA module API version mismatch";
 		return -EINVAL;
 	}
 
-	/* Validate the IPA module name. */
+	/*
+	 * Validate the IPA module name.
+	 *
+	 * \todo Consider module naming restrictions to avoid escaping from a
+	 * base directory. Forbidding ".." may be enough, but this may be best
+	 * implemented in a different layer.
+	 */
 	std::string ipaName = info_.name;
 	auto iter = std::find_if_not(ipaName.begin(), ipaName.end(),
 				     [](unsigned char c) -> bool {
-					     return isprint(c) && c != '/' &&
-						    c != '?' && c != '*' &&
-						    c != '\\';
+					     return isprint(c) && c != '?' &&
+						    c != '*' && c != '\\';
 				     });
 	if (iter != ipaName.end()) {
 		LOG(IPAModule, Error)