Message ID | 87sfe9eap7.wl-kuninori.morimoto.gx@renesas.com (mailing list archive) |
---|---|
State | New, archived |
Series | ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() |
On Mon, 13 Mar 2023 01:50:28 +0100,
Kuninori Morimoto wrote:
>
> tuning_ctl_set() might have buffer overrun at (X) if it didn't break
> from loop by matching (A).
>
>     static int tuning_ctl_set(...)
>     {
>         for (i = 0; i < TUNING_CTLS_COUNT; i++)
> (A)         if (nid == ca0132_tuning_ctls[i].nid)
>                 break;
>
>         snd_hda_power_up(...);
> (X)     dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
>         snd_hda_power_down(...);                ^
>
>         return 1;
>     }
>
> We will get below error by cppcheck
>
> sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
>  for (i = 0; i < TUNING_CTLS_COUNT; i++)
>  ^
> sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
>  dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
>                                           ^
>
> This patch cares non match case.
>
> Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

Thanks, applied now.

Takashi
diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c index 0a292bf271f2..5ce4b5f62983 100644 --- a/sound/pci/hda/patch_ca0132.c +++ b/sound/pci/hda/patch_ca0132.c @@ -4228,8 +4228,10 @@ static int tuning_ctl_set(struct hda_codec *codec, hda_nid_t nid, for (i = 0; i < TUNING_CTLS_COUNT; i++) if (nid == ca0132_tuning_ctls[i].nid) - break; + goto found; + return -EINVAL; +found: snd_hda_power_up(codec); dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20, ca0132_tuning_ctls[i].req,
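Review bot: in tuning_ctl_set(), the "goto found;" in the loop together with "return -EINVAL;" placed between the loop and the "found:" label makes the success path a forward jump over the error return, which is easy to misread. Keeping "break;" and adding "if (i == TUNING_CTLS_COUNT) return -EINVAL;" right after the loop would state the bounds condition directly next to the ca0132_tuning_ctls[i] accesses and needs no label. The commit message sketch shows this function ending in "return 1", so -EINVAL is a new return value here; it is worth confirming that the callers of tuning_ctl_set() handle a negative result.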
tuning_ctl_set() might have buffer overrun at (X) if it didn't break
from loop by matching (A).

    static int tuning_ctl_set(...)
    {
        for (i = 0; i < TUNING_CTLS_COUNT; i++)
(A)         if (nid == ca0132_tuning_ctls[i].nid)
                break;

        snd_hda_power_up(...);
(X)     dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
        snd_hda_power_down(...);                ^

        return 1;
    }

We will get below error by cppcheck

sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
 for (i = 0; i < TUNING_CTLS_COUNT; i++)
 ^
sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
 dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
                                          ^

This patch cares non match case.

Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

---
 sound/pci/hda/patch_ca0132.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)