ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()

Fri Feb 3 07:00:24 CET 2023

In snd_emux_control() method "snd_emux_port" can be passed with 
field chset.midi_mode == SNDRV_MIDI_MODE_XG. The "type" can be 
MIDI_CTL_PITCHBEND or MIDI_CTL_CHAN_PRESSURE.
It may lead to accessing 'control' array of size 128 with 
MIDI_CTL_PITCHBEND (0x80) or MIDI_CTL_CHAN_PRESSURE (0x82) index.

How can we prevent this? Would it be a good solution to place code like this 
before call snd_emux_xg_control()?

if (type == MIDI_CTL_PITCHBEND || type == MIDI_CTL_CHAN_PRESSURE){
    return;
}

Found by Linux Verification Center (linuxtesting.org) with SVACE.