Dan reported that smatch reports wrong size check and after analysis it
is confirmed that we are comparing wrong value: pointer size instead of
array size. However the check itself is problematic as in UAPI header
there are two fields:
struct snd_soc_tplg_enum_control {
(...)
char texts[SND_SOC_TPLG_NUM_TEXTS][SNDRV_CTL_ELEM_ID_NAME_MAXLEN];
__le32 values[SND_SOC_TPLG_NUM_TEXTS * SNDRV_CTL_ELEM_ID_NAME_MAXLEN / 4];
the texts field is for names and the values one for values assigned to
those named fields, after analysis it becomes clear that there is quite
a lot overhead values than we may possibly name. So instead of changing
check to ARRAY_SIZE(ec->values), as it was first suggested, use
hardcoded value of SND_SOC_TPLG_NUM_TEXTS.
Link: https://lore.kernel.org/alsa-devel/X9B0eDcKy+9B6kZl@mwanda/
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@xxxxxxxxxxxxxxx>
---
sound/soc/soc-topology.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c
index eb2633dd6454..7fb3a87ab860 100644
--- a/sound/soc/soc-topology.c
+++ b/sound/soc/soc-topology.c
@@ -889,10 +889,16 @@ static int soc_tplg_denum_create_values(struct soc_tplg *tplg, struct soc_enum *
{
int i;
- if (le32_to_cpu(ec->items) > sizeof(*ec->values))
+ /*
+ * Following "if" checks if we have at most SND_SOC_TPLG_NUM_TEXTS
+ * values instead of using ARRAY_SIZE(ec->values) due to the fact that
+ * it is oversized for its purpose. Additionally it is done so because
+ * it is defined in UAPI header where it can't be easily changed.
+ */
+ if (le32_to_cpu(ec->items) > SND_SOC_TPLG_NUM_TEXTS)
return -EINVAL;
- se->dobj.control.dvalues = devm_kzalloc(tplg->dev, le32_to_cpu(ec->items) *
+ se->dobj.control.dvalues = devm_kcalloc(tplg->dev, le32_to_cpu(ec->items),
sizeof(u32),
GFP_KERNEL);
if (!se->dobj.control.dvalues)
--
2.25.1
