[alsa-devel] [patch] ALSA: riptide: off by one in snd_riptide_joystick_probe()

Mon Feb 2 11:42:37 CET 2015

At Sun, 1 Feb 2015 23:49:02 +0300,
Dan Carpenter wrote:
> 
> There is an off by one bug in snd_riptide_joystick_probe() because we
> do the "dev++" toward the start of the function instead of waiting until
> the end.
> 
> The impact of this bug is:
> 1) A static checker warning.
> 2) If you connect 32 joysticks to your computer they will fail to load
>    with a different error message than intended.
> 3) If you pass a module option to specify a non-default joystick port
>    then the parameter array has to be shifted one element.
> 
> The first two are not serious.  For the third one, it's probably too
> late to change it since the bug was introduced in 2009.  Either no one
> noticed and we can leave it alone, or if they did notice, they probably
> have implemented work arounds so we can't change it now without
> confusing them.
> 
> So instead of fixing it the "theoretically correct way", I have decided
> to just work around it by making the joystick_port[] one element
> larger.  This silences the static checker warning and doesn't affect
> user space.
> 
> Fixes: db1005ec6ff8 ('ALSA: riptide - Fix joystick resource handling')
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>

Well, I bet that no one specified this option, so far.  The only case
you need another address is the multiple analog joystick ports, and
the board is so rare.

IMO, this bug can be classified as the "behavior bug" to be fixed.
It's a fix for a regression that already broke user-space, after all.

So, could you rewrite the patch as a normal off-by-one fix?

thanks,

Takashi

> 
> diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c
> index 29f2827..324e34c 100644
> --- a/sound/pci/riptide/riptide.c
> +++ b/sound/pci/riptide/riptide.c
> @@ -125,7 +125,11 @@ static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
>  static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE;
>  
>  #ifdef SUPPORT_JOYSTICK
> -static int joystick_port[SNDRV_CARDS] = { [0 ... (SNDRV_CARDS - 1)] = 0x200 };
> +/*
> + * The joystick_port accounting is off by one but I'm afraid to change it for
> + * fear of breaking userspace.
> + */
> +static int joystick_port[SNDRV_CARDS + 1] = { [0 ... (SNDRV_CARDS)] = 0x200 };
>  #endif
>  static int mpu_port[SNDRV_CARDS] = { [0 ... (SNDRV_CARDS - 1)] = 0x330 };
>  static int opl3_port[SNDRV_CARDS] = { [0 ... (SNDRV_CARDS - 1)] = 0x388 };
> 