From: Stefan Schmidt stefan@slimlogic.co.uk
Without this check we may have the situation that scn->current_scenario == scn->num_scenarios and then we get our values from a wrong memory area. Could happen if you use the function directly after snd_scenario_list()
Also use short instead of int for the numids.
Signed-off-by: Stefan Schmidt stefan@slimlogic.co.uk --- src/ascenario.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/ascenario.c b/src/ascenario.c index 11912ab..d2a9519 100644 --- a/src/ascenario.c +++ b/src/ascenario.c @@ -1349,7 +1349,8 @@ int snd_scenario_get_integer(snd_scenario_t *scn, int type, int *value) int snd_scenario_get_control_id(snd_scenario_t *scn, int type, snd_ctl_elem_id_t *id) { - int numid, ret, i, count, tmp; + short numid, tmp; + int ret, i, count; snd_ctl_t *handle; snd_ctl_card_info_t *info; snd_ctl_elem_list_t *list; @@ -1357,6 +1358,11 @@ int snd_scenario_get_control_id(snd_scenario_t *scn, int type, snd_ctl_card_info_alloca(&info); snd_ctl_elem_list_alloca(&list);
+ if (scn->current_scenario >= scn->num_scenarios) { + scn_error("%s: No scenario set.\n", __func__); + return -EINVAL; + } + switch (type) { case SND_SCN_KCTL_MASTER_PLAYBACK_VOLUME: numid = scn->scenario[scn->current_scenario].playback_volume_id;