[alsa-devel] ASoC: rsnd: care DMA slave channel name for DT
Dan Carpenter
dan.carpenter at oracle.com
Tue Jun 10 20:02:45 CEST 2014
Hello Kuninori Morimoto,
The patch 199e7688bdf7: "ASoC: rsnd: care DMA slave channel name for
DT" from May 22, 2014, leads to the following static checker warning:
sound/soc/sh/rcar/core.c:318 rsnd_dma_of_name()
error: buffer overflow 'mod' 4 <= 4
sound/soc/sh/rcar/core.c
278 struct rsnd_mod *mod[MOD_MAX];
279 struct rsnd_mod *src_mod, *dst_mod;
280 int i, index;
281
282
283 for (i = 0; i < MOD_MAX; i++)
284 mod[i] = NULL;
285
286 /*
287 * in play case...
288 *
289 * src -> dst
290 *
291 * mem -> SSI
292 * mem -> SRC -> SSI
293 * mem -> SRC -> DVC -> SSI
I don't understand what this comment means.
294 */
295 mod[0] = NULL; /* for "mem" */
We memset everything to NULL in the loop above so this isn't needed.
296 index = 1;
297 for (i = 1; i < MOD_MAX; i++) {
298 if (!src) {
299 mod[i] = ssi;
300 break;
301 } else if (!dvc) {
302 mod[i] = src;
303 src = NULL;
304 } else {
305 mod[i] = dvc;
306 dvc = NULL;
307 }
308
309 if (mod[i] == this)
310 index = i;
In theory, index can be MOD_MAX - 1.
311 }
312
313 if (is_play) {
314 src_mod = mod[index - 1];
315 dst_mod = mod[index];
316 } else {
317 src_mod = mod[index];
318 dst_mod = mod[index + 1];
So then it complains that mod[] has only MOD_MAX elements so we're one
space past the end of the array. Probably the way this is called, there
is something to prevent it?
319 }
regards,
dan carpenter
More information about the Alsa-devel
mailing list