[PATCH] ASoC: qcom: sm8250: Fix array out of bounds access
Static analysis Coverity had detected a potential array out-of-bounds write issue due to the fact that MAX AFE port Id was set to 16 instead of using AFE_PORT_MAX macro.
Fix this by properly using AFE_PORT_MAX macro.
Fixes: aa2e2785545a ("ASoC: qcom: sm8250: add sound card qrb5165-rb5 support") Reported-by: Colin Ian King colin.king@canonical.com Signed-off-by: Srinivas Kandagatla srinivas.kandagatla@linaro.org --- sound/soc/qcom/sm8250.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sound/soc/qcom/sm8250.c b/sound/soc/qcom/sm8250.c index 7d43de6d909f..52c40512102f 100644 --- a/sound/soc/qcom/sm8250.c +++ b/sound/soc/qcom/sm8250.c @@ -13,12 +13,11 @@
#define DRIVER_NAME "sm8250" #define MI2S_BCLK_RATE 1536000 -#define MAX_SDW_STREAMS 16
struct sm8250_snd_data { - bool stream_prepared[MAX_SDW_STREAMS]; + bool stream_prepared[AFE_PORT_MAX]; struct snd_soc_card *card; - struct sdw_stream_runtime *sruntime[MAX_SDW_STREAMS]; + struct sdw_stream_runtime *sruntime[AFE_PORT_MAX]; };
static int sm8250_be_hw_params_fixup(struct snd_soc_pcm_runtime *rtd,
On 28/10/2020 14:20, Srinivas Kandagatla wrote:
Static analysis Coverity had detected a potential array out-of-bounds write issue due to the fact that MAX AFE port Id was set to 16 instead of using AFE_PORT_MAX macro.
Fix this by properly using AFE_PORT_MAX macro.
Fixes: aa2e2785545a ("ASoC: qcom: sm8250: add sound card qrb5165-rb5 support") Reported-by: Colin Ian King colin.king@canonical.com Signed-off-by: Srinivas Kandagatla srinivas.kandagatla@linaro.org
sound/soc/qcom/sm8250.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sound/soc/qcom/sm8250.c b/sound/soc/qcom/sm8250.c index 7d43de6d909f..52c40512102f 100644 --- a/sound/soc/qcom/sm8250.c +++ b/sound/soc/qcom/sm8250.c @@ -13,12 +13,11 @@
#define DRIVER_NAME "sm8250" #define MI2S_BCLK_RATE 1536000 -#define MAX_SDW_STREAMS 16
struct sm8250_snd_data {
- bool stream_prepared[MAX_SDW_STREAMS];
- bool stream_prepared[AFE_PORT_MAX]; struct snd_soc_card *card;
- struct sdw_stream_runtime *sruntime[MAX_SDW_STREAMS];
- struct sdw_stream_runtime *sruntime[AFE_PORT_MAX];
};
static int sm8250_be_hw_params_fixup(struct snd_soc_pcm_runtime *rtd,
Thanks, looks good to me.
Reviewed-by: Colin Ian King colin.king@canonical.com
On Wed, 28 Oct 2020 14:20:01 +0000, Srinivas Kandagatla wrote:
Static analysis Coverity had detected a potential array out-of-bounds write issue due to the fact that MAX AFE port Id was set to 16 instead of using AFE_PORT_MAX macro.
Fix this by properly using AFE_PORT_MAX macro.
Applied to
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next
Thanks!
[1/1] ASoC: qcom: sm8250: Fix array out of bounds access commit: 7c91d02068c342918003606bf378b259f37b31ba
All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying to this mail.
Thanks, Mark
participants (3)
-
Colin Ian King -
Mark Brown -
Srinivas Kandagatla