[alsa-devel] [patch] ALSA: dice: fix array limits in dice_proc_read()

Takashi Iwai tiwai at suse.de
Fri Nov 29 10:55:23 CET 2013


At Fri, 29 Nov 2013 10:48:28 +0100,
walter harms wrote:
> 
> 
> 
> On 29.11.2013 09:14, Dan Carpenter wrote:
> > The array limits are supposed to be in units of u32 instead of in bytes.
> > The current code has a potential array overflow.
> > 
> > Fixes: c614475b0ea9 ('ALSA: dice: add a proc file to show device information')
> > Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> > 
> > diff --git a/sound/firewire/dice.c b/sound/firewire/dice.c
> > index 57bcd31fcc12..c0aa64941cee 100644
> > --- a/sound/firewire/dice.c
> > +++ b/sound/firewire/dice.c
> > @@ -1019,7 +1019,7 @@ static void dice_proc_read(struct snd_info_entry *entry,
> >  
> >  	if (dice_proc_read_mem(dice, &tx_rx_header, sections[2], 2) < 0)
> >  		return;
> > -	quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.tx));
> > +	quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.tx) / 4);
> 
> It is a bit late but ...
> 
> sizeof(buf.tx) / 4  looks like ARRAY_SIZE(buf.tx)

Not in this case :)
I thought of it at first, too, but understood it after reading the
code.


Takashi

> 
> If yes, I suggest ARRAY_SIZE() because it gets rid of the "magic" 4.
> 
> re,
>  wh
> 
> 
> >  	for (stream = 0; stream < tx_rx_header.number; ++stream) {
> >  		if (dice_proc_read_mem(dice, &buf.tx, sections[2] + 2 +
> >  				       stream * tx_rx_header.size,
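Review bot: The bare `/ 4` in the new `min_t(u32, tx_rx_header.size, sizeof(buf.tx) / 4)` line hides that the limit is a count of 32-bit quadlets rather than bytes. Writing it as `sizeof(buf.tx) / sizeof(u32)`, or adding a one-line comment that `quadlets` is in u32 units, would remove the magic number and answer the ARRAY_SIZE() question raised in this thread at the source. It would also help if the commit message said that tx_rx_header.size is filled in by the preceding dice_proc_read_mem() call, since that is what makes the unclamped value a concern.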
> > @@ -1045,7 +1045,7 @@ static void dice_proc_read(struct snd_info_entry *entry,
> >  
> >  	if (dice_proc_read_mem(dice, &tx_rx_header, sections[4], 2) < 0)
> >  		return;
> > -	quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.rx));
> > +	quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.rx) / 4);
> >  	for (stream = 0; stream < tx_rx_header.number; ++stream) {
> >  		if (dice_proc_read_mem(dice, &buf.rx, sections[4] + 2 +
> >  				       stream * tx_rx_header.size,
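Review bot: The rx clamp `sizeof(buf.rx) / 4` repeats the tx conversion by hand, so a future change to one site can miss the other; a small shared macro or helper that yields the size of a buffer in quadlets would keep the two in step and drop the literal 4 from both. Separately, the loop bound in the context line `stream < tx_rx_header.number` comes from the same header that dice_proc_read_mem() fills in and is not limited anywhere in the visible lines, so it is worth confirming whether the stream count also needs an upper bound.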
> 

