On Fri, Jul 17, 2009 at 04:24:10PM +0800, Wu Fengguang wrote:
> A recent bug involves passing auto detected >0x7f NID to codec command,
> creating an invalid codec addr field, and finally lead to cmd timeout
> and fall back into single command mode. Jaroslav fixed that bug in
> alc880_parse_auto_config().
>
> It would be safer to further check the bounds of all cmd fields.
>
> Cc: Jaroslav Kysela <perex@xxxxxxxx>
> Signed-off-by: Wu Fengguang <fengguang.wu@xxxxxxxxx>
> ---
> diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
> index 462e2ce..7d09650 100644
> --- a/sound/pci/hda/hda_codec.c
> +++ b/sound/pci/hda/hda_codec.c
> @@ -150,6 +150,16 @@ make_codec_cmd(struct hda_codec *codec, hda_nid_t nid, int direct,
> {
> u32 val;
>
> + if ((direct & ~1) || (nid & ~0x7f) ||
> + (verb & ~0xfff) || (parm & ~0xff)) {
> + printk(KERN_ERR "hda-codec: out of range cmd %x:%x:%x:%x:%x\n",
> + codec->addr, direct, nid, verb, parm);
Maybe we shall simply return here?
> + direct &= 1;
> + nid &= 0x7f;
> + verb &= 0xfff;
> + parm &= 0xff;
> + }
> +
> val = (u32)(codec->addr & 0x0f) << 28;
> val |= (u32)direct << 27;
> val |= (u32)nid << 20;
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
