[alsa-devel] [PATCH] hda: add bounds checking for the codec command fields

Wu Fengguang fengguang.wu at intel.com
Fri Jul 17 10:24:10 CEST 2009


A recent bug involves passing auto detected >0x7f NID to codec command,
creating an invalid codec addr field, and finally lead to cmd timeout
and fall back into single command mode. Jaroslav fixed that bug in
alc880_parse_auto_config().

It would be safer to further check the bounds of all cmd fields.

Cc: Jaroslav Kysela <perex at perex.cz>
Signed-off-by: Wu Fengguang <fengguang.wu at intel.com>
---
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 462e2ce..7d09650 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -150,6 +150,16 @@ make_codec_cmd(struct hda_codec *codec, hda_nid_t nid, int direct,
 {
 	u32 val;
 
+	if ((direct & ~1) || (nid & ~0x7f) ||
+	    (verb & ~0xfff) || (parm & ~0xff)) {
+		printk(KERN_ERR "hda-codec: out of range cmd %x:%x:%x:%x:%x\n",
+		       codec->addr, direct, nid, verb, parm);
+		direct &= 1;
+		nid  &= 0x7f;
+		verb &= 0xfff;
+		parm &= 0xff;
+	}
+
 	val = (u32)(codec->addr & 0x0f) << 28;
 	val |= (u32)direct << 27;
 	val |= (u32)nid << 20;


More information about the Alsa-devel mailing list