diff options
| author | Lars-Peter Clausen <lars@metafoo.de> | 2014-06-18 07:32:35 -0400 |
|---|---|---|
| committer | Takashi Iwai <tiwai@suse.de> | 2014-06-18 09:13:37 -0400 |
| commit | 883a1d49f0d77d30012f114b2e19fc141beb3e8e (patch) | |
| tree | 619fde383d5c4645712c498bf1af52df6216ac22 /sound | |
| parent | ac902c112d90a89e59916f751c2745f4dbdbb4bd (diff) | |
ALSA: control: Make sure that id->index does not overflow
The ALSA control code expects that the range of assigned indices to a control is
continuous and does not overflow. Currently there are no checks to enforce this.
If a control with a overflowing index range is created that control becomes
effectively inaccessible and unremovable since snd_ctl_find_id() will not be
able to find it. This patch adds a check that makes sure that controls with a
overflowing index range can not be created.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jaroslav Kysela <perex@perex.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound')
| -rw-r--r-- | sound/core/control.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sound/core/control.c b/sound/core/control.c index 8d6e4bae7407..f0b0e14497a5 100644 --- a/sound/core/control.c +++ b/sound/core/control.c | |||
| @@ -342,6 +342,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) | |||
| 342 | if (snd_BUG_ON(!card || !kcontrol->info)) | 342 | if (snd_BUG_ON(!card || !kcontrol->info)) |
| 343 | goto error; | 343 | goto error; |
| 344 | id = kcontrol->id; | 344 | id = kcontrol->id; |
| 345 | if (id.index > UINT_MAX - kcontrol->count) | ||
| 346 | goto error; | ||
| 347 | |||
| 345 | down_write(&card->controls_rwsem); | 348 | down_write(&card->controls_rwsem); |
| 346 | if (snd_ctl_find_id(card, &id)) { | 349 | if (snd_ctl_find_id(card, &id)) { |
| 347 | up_write(&card->controls_rwsem); | 350 | up_write(&card->controls_rwsem); |