author | Takashi Iwai <tiwai@suse.de> | 2016-01-18 08:12:40 -0500 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2016-01-18 08:40:07 -0500 |
commit | c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762 (patch) | |
tree | d8429b3e98516f34c872fc91e2537d2013305e9a /sound | |
parent | 9586495dc3011a80602329094e746dbce16cb1f1 (diff) |
ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
When a TLV ioctl with numid zero is handled, the driver may spew a
kernel warning with a stack trace at each call. The check was
intended obviously only for a kernel driver, but not for a user
interaction. Let's fix it.
This was spotted by syzkaller fuzzer.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound')
-rw-r--r-- | sound/core/control.c | 2 |
1 files changed, 2 insertions, 0 deletions
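--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
 return -EFAULT;
 if (tlv.length < sizeof(unsigned int) * 2)
 return -EINVAL;
+if (!tlv.numid)
+return -EINVAL;
 down_read(&card->controls_rwsem);
 kctl = snd_ctl_find_numid(card, tlv.numid);
 if (kctl == NULL) {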
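Review bot: The added `if (!tlv.numid)` check in front of `down_read()` carries no comment explaining why zero is rejected at the ioctl boundary instead of being left to the lookup. I would put `/* numid 0 does not name a control; reject user input here so it cannot trip the sanity-check warning in the lookup */` above it. Per the commit message the warning was meant for in-kernel callers only, so a user-triggerable one matters for log flooding and for hosts booted with panic_on_warn; it is worth checking that no other ioctl path hands a user-supplied numid directly to `snd_ctl_find_numid()`. The errno for this input also becomes -EINVAL, whereas the `kctl == NULL` branch, whose body is outside the hunk, presumably reported a lookup failure before, which userspace callers may notice. snd_ctl_tlv_ioctl begins and ends outside the hunk.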