[PATCH 07/14] ALSA: emu10k1: properly assert DSP init constraints


 



If these are hit, we've already trashed kernel memory by writing past
the end of the allocated buffer. There is no recovery from that.

Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@xxxxxx>
---
v2:
- slightly more verbose description
---
 sound/pci/emu10k1/emufx.c | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c
index 2da1f9f1fb5a..5ae275d87c59 100644
--- a/sound/pci/emu10k1/emufx.c
+++ b/sound/pci/emu10k1/emufx.c
@@ -1668,22 +1668,19 @@ A_OP(icode, &ptr, iMAC0, A_GPR(var), A_GPR(var), A_GPR(vol), A_EXTIN(input))
 	 * ok, set up done..
 	 */
 
-	if (gpr > tmp) {
-		snd_BUG();
-		err = -EIO;
-		goto __err;
-	}
+	BUG_ON(gpr > tmp);
+	BUG_ON(nctl > SND_EMU10K1_GPR_CONTROLS);
+
 	/* clear remaining instruction memory */
 	while (ptr < 0x400)
 		A_OP(icode, &ptr, 0x0f, 0xc0, 0xc0, 0xcf, 0xc0);
 
 	icode->gpr_add_control_count = nctl;
 	icode->gpr_add_controls = controls;
 	emu->support_tlv = 1; /* support TLV */
 	err = snd_emu10k1_icode_poke(emu, icode, true);
 	emu->support_tlv = 0; /* clear again */
 
-__err:
 	kfree(controls);
 __err_ctrls:
 	kfree(icode->gpr_map);
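Review bot: Both new `BUG_ON()` lines sit after the "ok, set up done.." comment, so they can only report an overrun of the GPR or control tables, not prevent it; the same applies to the pair added in the `_snd_emu10k1_init_efx` hunk. The limit would be better enforced where `gpr` and `nctl` (`i` in the second function) are advanced, which is outside the visible lines, so that an out-of-range index is never used for a store. Also, as far as I know `BUG_ON()` expands to nothing on kernels built without `CONFIG_BUG`; there the old `-EIO` path is gone and an oversized `nctl` would go straight into `snd_emu10k1_icode_poke()`. At minimum a comment should carry the commit message's reasoning into the code, e.g. `/* past these limits the buffers above were already overrun; no safe unwind */`. The enclosing function starts and ends outside this hunk.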
@@ -2272,16 +2269,8 @@ static int _snd_emu10k1_init_efx(struct snd_emu10k1 *emu)
 	}
 	    
 
-	if (gpr > tmp) {
-		snd_BUG();
-		err = -EIO;
-		goto __err;
-	}
-	if (i > SND_EMU10K1_GPR_CONTROLS) {
-		snd_BUG();
-		err = -EIO;
-		goto __err;
-	}
+	BUG_ON(gpr > tmp);
+	BUG_ON(i > SND_EMU10K1_GPR_CONTROLS);
 	
 	/* clear remaining instruction memory */
 	while (ptr < 0x200)
-- 
2.40.0.152.g15d061e6df



