[alsa-devel] [PATCH] ALSA: hda - Fix static checker warning in patch_hdmi.c
Takashi Iwai
tiwai at suse.de
Fri Feb 5 12:37:56 CET 2016
On Fri, 05 Feb 2016 09:05:41 +0100,
David Henningsson wrote:
>
> The static checker warning is:
>
> sound/pci/hda/patch_hdmi.c:460 hdmi_eld_ctl_get()
> error: __memcpy() 'eld->eld_buffer' too small (256 vs 512)
>
> I have a hard time figuring out if this can ever cause an information leak
> (I don't think so), but nonetheless it does not hurt to increase the
> robustness of the code.
>
> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
> Signed-off-by: David Henningsson <david.henningsson at canonical.com>
Applied now with Cc to stable.
This should be relatively harmless, as the size is delivered basically
only from the hardware, and it fits in 256 bytes unless very exotic
one (I don't know of any such one, so far).
Takashi
> ---
> sound/pci/hda/patch_hdmi.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
> index 1f52b55..2191e235 100644
> --- a/sound/pci/hda/patch_hdmi.c
> +++ b/sound/pci/hda/patch_hdmi.c
> @@ -448,7 +448,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol,
> eld = &per_pin->sink_eld;
>
> mutex_lock(&per_pin->lock);
> - if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) {
> + if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) ||
> + eld->eld_size > ELD_MAX_SIZE) {
> mutex_unlock(&per_pin->lock);
> snd_BUG();
> return -EINVAL;
> --
> 1.9.1
>
More information about the Alsa-devel
mailing list