Dan reported that smatch reports wrong size check and after analysis it is confirmed that we are comparing wrong value: pointer size instead of array size. However the check itself is problematic as in UAPI header there are two fields:
struct snd_soc_tplg_enum_control { (...) char texts[SND_SOC_TPLG_NUM_TEXTS][SNDRV_CTL_ELEM_ID_NAME_MAXLEN]; __le32 values[SND_SOC_TPLG_NUM_TEXTS * SNDRV_CTL_ELEM_ID_NAME_MAXLEN / 4];
the texts field is for names and the values one for values assigned to those named fields, after analysis it becomes clear that there is quite a lot overhead values than we may possibly name. So instead of changing check to ARRAY_SIZE(ec->values), as it was first suggested, use hardcoded value of SND_SOC_TPLG_NUM_TEXTS.
Link: https://lore.kernel.org/alsa-devel/X9B0eDcKy+9B6kZl@mwanda/ Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com --- sound/soc/soc-topology.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c index eb2633dd6454..7fb3a87ab860 100644 --- a/sound/soc/soc-topology.c +++ b/sound/soc/soc-topology.c @@ -889,10 +889,16 @@ static int soc_tplg_denum_create_values(struct soc_tplg *tplg, struct soc_enum * { int i;
- if (le32_to_cpu(ec->items) > sizeof(*ec->values)) + /* + * Following "if" checks if we have at most SND_SOC_TPLG_NUM_TEXTS + * values instead of using ARRAY_SIZE(ec->values) due to the fact that + * it is oversized for its purpose. Additionally it is done so because + * it is defined in UAPI header where it can't be easily changed. + */ + if (le32_to_cpu(ec->items) > SND_SOC_TPLG_NUM_TEXTS) return -EINVAL;
- se->dobj.control.dvalues = devm_kzalloc(tplg->dev, le32_to_cpu(ec->items) * + se->dobj.control.dvalues = devm_kcalloc(tplg->dev, le32_to_cpu(ec->items), sizeof(u32), GFP_KERNEL); if (!se->dobj.control.dvalues)