[alsa-devel] [PATCH] ALSA: hda - Always check array bounds in alc_get_line_out_pfx

David Henningsson david.henningsson at canonical.com
Wed Oct 17 12:43:44 CEST 2012


Even when CONFIG_SND_DEBUG is not enabled, we don't want to
return an arbitrary memory location when the channel count is
larger than we expected.

Cc: stable at kernel.org
Signed-off-by: David Henningsson <david.henningsson at canonical.com>
---

Notes: This was found while debugging an OOPS on kernel 3.2.
See https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1067269 for details.
The badness calculation was improved in kernel 3.4, so not sure if the
same could happen in later kernels, but at least applying it to kernels <= 3.3 would make sense.
Also adding to current trees (3.7, 3.8) would make sense IMO, just as extra safety.

 sound/pci/hda/patch_realtek.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 2d2bb66..651822c 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2599,8 +2599,10 @@ static const char *alc_get_line_out_pfx(struct alc_spec *spec, int ch,
 			return "PCM";
 		break;
 	}
-	if (snd_BUG_ON(ch >= ARRAY_SIZE(channel_name)))
+	if (ch >= ARRAY_SIZE(channel_name)) {
+		snd_BUG();
 		return "PCM";
+	}
 
 	return channel_name[ch];
 }
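
Review bot: The new bounds check `if (ch >= ARRAY_SIZE(channel_name))` compares the signed `int ch` from the function signature against an unsigned size, so a negative `ch` is rejected only through the implicit conversion to unsigned. That works, but it is worth making explicit, either with `ch < 0 ||` in the condition or with a one-line comment, so a later cleanup does not turn it into a signed comparison. Second point: if snd_BUG() compiles out without CONFIG_SND_DEBUG the same way snd_BUG_ON() does (which is what the commit message implies), the fallback to "PCM" is silent on non-debug kernels. Consider an unconditional, rate-limited log message in this branch so that a caller passing an out-of-range channel count is still visible in the field, and note in the commit message that the caller-side cause is tracked separately.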
-- 
1.7.9.5


