www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
	Mon, 13 Mar 2023 00:50:28 +0000 (00:50 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 6 Apr 2023 10:10:40 +0000 (12:10 +0200)
commit	32854bc91ae7debcdefdc7ae881ed83385a04792
tree	52d682981998b49a0801a08bbb7dc845e6b693e9	tree
parent	69280e8e669c79700346c1aa02bbb5f895b55208	commit \| diff

ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()

[ Upstream commit 98e5eb110095ec77cb6d775051d181edbf9cd3cf ]

tuning_ctl_set() might have buffer overrun at (X) if it didn't break
from loop by matching (A).

static int tuning_ctl_set(...)
{
for (i = 0; i < TUNING_CTLS_COUNT; i++)
(A) if (nid == ca0132_tuning_ctls[i].nid)
break;

snd_hda_power_up(...);
(X) dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
snd_hda_power_down(...); ^

return 1;
}

We will get below error by cppcheck

sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
for (i = 0; i < TUNING_CTLS_COUNT; i++)
^
sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
^
This patch cares non match case.

Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/87sfe9eap7.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>