Patch "ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-hda-ca0132-fixup-buffer-overrun-at-tuning_ctl_s.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 646ce2b1a816c929214553c7512ac1134fd29d55
Author: Kuninori Morimoto <kuninori.morimoto.gx@xxxxxxxxxxx>
Date:   Mon Mar 13 00:50:28 2023 +0000

    ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
    
    [ Upstream commit 98e5eb110095ec77cb6d775051d181edbf9cd3cf ]
    
    tuning_ctl_set() might have buffer overrun at (X) if it didn't break
    from loop by matching (A).
    
            static int tuning_ctl_set(...)
            {
                    for (i = 0; i < TUNING_CTLS_COUNT; i++)
    (A)                     if (nid == ca0132_tuning_ctls[i].nid)
                                    break;
    
                    snd_hda_power_up(...);
    (X)             dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
                    snd_hda_power_down(...);                ^
    
                    return 1;
            }
    
    We will get below error by cppcheck
    
            sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
             for (i = 0; i < TUNING_CTLS_COUNT; i++)
             ^
            sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
             dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
                                                       ^
    This patch cares non match case.
    
    Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@xxxxxxxxxxx>
    Link: https://lore.kernel.org/r/87sfe9eap7.wl-kuninori.morimoto.gx@xxxxxxxxxxx
    Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
index c0cb6e49a9b65..2646663e03426 100644
--- a/sound/pci/hda/patch_ca0132.c
+++ b/sound/pci/hda/patch_ca0132.c
@@ -4231,8 +4231,10 @@ static int tuning_ctl_set(struct hda_codec *codec, hda_nid_t nid,
 
 	for (i = 0; i < TUNING_CTLS_COUNT; i++)
 		if (nid == ca0132_tuning_ctls[i].nid)
-			break;
+			goto found;
 
+	return -EINVAL;
+found:
 	snd_hda_power_up(codec);
 	dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
 			ca0132_tuning_ctls[i].req,



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux