On Thu, 07 Jul 2016 16:22:08 +0200, Takashi Sakamoto wrote:
Linux 4.7 or former have no validator of dimension information. This can causes an issue related to user-defined element set. For example, When calculated total members in multi-dimensional matrix is larger than actual capacity of snd_ctl_elem_value_t, processes to handle the element can cause buffer-over-run.
For backward portability of this userspace library, this commit adds a validator of dimension information. When userspace applications give invalid dimension information to APIs to add element set, they receive -EINVAL.
Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
src/control/control.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
diff --git a/src/control/control.c b/src/control/control.c index 2ad3e0d..ee6b1d8 100644 --- a/src/control/control.c +++ b/src/control/control.c @@ -91,6 +91,7 @@ I/O operations. #include <fcntl.h> #include <signal.h> #include <sys/poll.h> +#include <stdbool.h> #include "control_local.h"
/** @@ -302,6 +303,32 @@ int snd_ctl_elem_info(snd_ctl_t *ctl, snd_ctl_elem_info_t *info) return ctl->ops->element_info(ctl, info); }
+static bool validate_element_member_dimension(struct snd_ctl_elem_info *info)
In alsa-lib user-space, we use snd_ctl_elem_info_t. Please stick with it. In theory, this type can be different from the kernel ABI.
thanks,
Takashi