[alsa-devel] [PATCH v2] ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
Pierre-Louis Bossart
pierre-louis.bossart at linux.intel.com
Mon Feb 4 16:08:41 CET 2019
> This patch itself looks fine, but maybe a safer implementation would
> be to define snd_soc_dapm_max, and define dapm_up_seq[] as
> dapm_up_seq[snd_soc_dapm_max].

Yes, I thought about this but didn't know why the array was declared with
an implicit length.

> Also, another worthy change would be to set the priority non-zero, and
> trigger WARN_ON() if it hits a zero, i.e. undefined entry.

Unfortunately the zero is a legit value today, so we'd have to move all
existing values by one. Not sure if it's worth it.

Maybe an alternate way to fix this is to define snd_soc_dapm_max and
check if the ARRAY_SIZE of dapm_up_seq and dapm_down_seq match. That
would trap any changes in the enum that aren't reflected in the _seq
look-up tables.
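
The two options discussed in this message (an explicitly sized table and a size check against a sentinel), shown side by side as an added example that is not part of the original e-mail or the kernel source. The `demo_*` enum, the table contents and the helper functions are hypothetical stand-ins, and `ARRAY_SIZE` is redefined locally so the file builds outside the kernel.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical widget enum; demo_max plays the role of snd_soc_dapm_max. */
enum demo_type { demo_input, demo_mixer, demo_output, demo_new, demo_max };

/* Implicit length: sized by the highest designated index, so it stops at
 * demo_output and has no slot for demo_new (the stale-table case). */
static const int stale_seq[] = {
    [demo_input] = 0, [demo_mixer] = 1, [demo_output] = 2,
};

/* Explicit length: every enum value has a slot; unlisted ones read as 0. */
static const int sized_seq[demo_max] = {
    [demo_input] = 0, [demo_mixer] = 1, [demo_output] = 2, [demo_new] = 3,
};

/* Build-time form of the size check. The same assert on stale_seq
 * would stop the build. */
_Static_assert(ARRAY_SIZE(sized_seq) == demo_max,
               "seq table out of sync with enum");

/* Run-time form of the same comparison, usable in a test. */
static int table_covers_enum(size_t len)
{
    return len == (size_t)demo_max;
}

/* Bounds-checked lookup: returns -1 instead of reading past the table. */
static int seq_lookup(const int *seq, size_t len, int type)
{
    if (type < 0 || (size_t)type >= len)
        return -1;
    return seq[type];
}

int main(void)
{
    printf("stale covers enum: %d\n", table_covers_enum(ARRAY_SIZE(stale_seq)));
    printf("stale[demo_new] = %d\n",
           seq_lookup(stale_seq, ARRAY_SIZE(stale_seq), demo_new));
    printf("sized[demo_new] = %d\n",
           seq_lookup(sized_seq, ARRAY_SIZE(sized_seq), demo_new));
    return 0;
}
```

A size comparison only catches a table that is shorter than the enum; an entry skipped below the highest designated index still reads as 0.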