Home Home > GIT Browse
diff options
authorLars-Peter Clausen <lars@metafoo.de>2014-06-18 13:32:35 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-06-26 15:10:29 -0400
commit2e5f14a6472167bb91ccf2e4ec1fc6586a99500b (patch)
parentab59a4b59f1e0aa0b2279be893a39a406c938c21 (diff)
ALSA: control: Make sure that id->index does not overflow
commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream. The ALSA control code expects that the range of assigned indices to a control is continuous and does not overflow. Currently there are no checks to enforce this. If a control with a overflowing index range is created that control becomes effectively inaccessible and unremovable since snd_ctl_find_id() will not be able to find it. This patch adds a check that makes sure that controls with a overflowing index range can not be created. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Acked-by: Jaroslav Kysela <perex@perex.cz> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 files changed, 3 insertions, 0 deletions
diff --git a/sound/core/control.c b/sound/core/control.c
index 3970a9907985..e773d5ed1e9a 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -341,6 +341,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
if (snd_BUG_ON(!card || !kcontrol->info))
goto error;
id = kcontrol->id;
+ if (id.index > UINT_MAX - kcontrol->count)
+ goto error;
if (snd_ctl_find_id(card, &id)) {