On Fri, 05 Feb 2016 09:05:41 +0100, David Henningsson wrote:
The static checker warning is:
sound/pci/hda/patch_hdmi.c:460 hdmi_eld_ctl_get() error: __memcpy() 'eld->eld_buffer' too small (256 vs 512)
I have a hard time figuring out if this can ever cause an information leak (I don't think so), but nonetheless it does not hurt to increase the robustness of the code.
Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: David Henningsson david.henningsson@canonical.com
Applied now with Cc to stable.
This should be relatively harmless, as the size is delivered basically only from the hardware, and it fits in 256 bytes unless very exotic one (I don't know of any such one, so far).
Takashi
sound/pci/hda/patch_hdmi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c index 1f52b55..2191e235 100644 --- a/sound/pci/hda/patch_hdmi.c +++ b/sound/pci/hda/patch_hdmi.c @@ -448,7 +448,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol, eld = &per_pin->sink_eld;
mutex_lock(&per_pin->lock);
- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) {
- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) ||
eld->eld_size > ELD_MAX_SIZE) {-- 1.9.1