| From 883a1d49f0d77d30012f114b2e19fc141beb3e8e Mon Sep 17 00:00:00 2001 |
| From: Lars-Peter Clausen <lars@metafoo.de> |
| Date: Wed, 18 Jun 2014 13:32:35 +0200 |
| Subject: ALSA: control: Make sure that id->index does not overflow |
| |
| From: Lars-Peter Clausen <lars@metafoo.de> |
| |
| commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream. |
| |
| The ALSA control code expects that the range of assigned indices to a control is |
| continuous and does not overflow. Currently there are no checks to enforce this. |
| If a control with a overflowing index range is created that control becomes |
| effectively inaccessible and unremovable since snd_ctl_find_id() will not be |
| able to find it. This patch adds a check that makes sure that controls with a |
| overflowing index range can not be created. |
| |
| Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> |
| Acked-by: Jaroslav Kysela <perex@perex.cz> |
| Signed-off-by: Takashi Iwai <tiwai@suse.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| sound/core/control.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/sound/core/control.c |
| +++ b/sound/core/control.c |
| @@ -341,6 +341,9 @@ int snd_ctl_add(struct snd_card *card, s |
| if (snd_BUG_ON(!card || !kcontrol->info)) |
| goto error; |
| id = kcontrol->id; |
| + if (id.index > UINT_MAX - kcontrol->count) |
| + goto error; |
| + |
| down_write(&card->controls_rwsem); |
| if (snd_ctl_find_id(card, &id)) { |
| up_write(&card->controls_rwsem); |