[alsa-devel] [PATCH] ALSA: hda - Always check array bounds in alc_get_line_out_pfx

Takashi Iwai tiwai at suse.de
Wed Oct 17 14:12:55 CEST 2012


At Wed, 17 Oct 2012 12:43:44 +0200,
David Henningsson wrote:
> 
> Even when CONFIG_SND_DEBUG is not enabled, we don't want to
> return an arbitrary memory location when the channel count is
> larger than we expected.
> 
> Cc: stable at kernel.org
> Signed-off-by: David Henningsson <david.henningsson at canonical.com>
> ---
> 
> Notes: This was found while debugging an OOPS on kernel 3.2.
> See https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1067269 for details.
> The badness calculation was improved in kernel 3.4; so not sure if the
> same could happen in later kernels, but at least apply to kernels <= 3.3 would make sense.
> Also adding to current trees (3.7, 3.8) would make sense IMO, just as extra safety.

Applied, thanks.


Takashi

> 
>  sound/pci/hda/patch_realtek.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
> index 2d2bb66..651822c 100644
> --- a/sound/pci/hda/patch_realtek.c
> +++ b/sound/pci/hda/patch_realtek.c
> @@ -2599,8 +2599,10 @@ static const char *alc_get_line_out_pfx(struct alc_spec *spec, int ch,
>  			return "PCM";
>  		break;
>  	}
> -	if (snd_BUG_ON(ch >= ARRAY_SIZE(channel_name)))
> +	if (ch >= ARRAY_SIZE(channel_name)) {
> +		snd_BUG();
>  		return "PCM";
> +	}
>  
>  	return channel_name[ch];
>  }
> -- 
> 1.7.9.5
> 


More information about the Alsa-devel mailing list