[PATCH 1/5] ASoC: SOF: control: fix size checks for ext_bytes control .get()
Kai Vehmanen
kai.vehmanen at linux.intel.com
Mon Sep 21 13:08:10 CEST 2020
From: Pierre-Louis Bossart <pierre-louis.bossart at linux.intel.com>
cppcheck complains twice:
sound/soc/sof/control.c:436:2: style: Assignment of function parameter
has no effect outside the function. [uselessAssignmentArg]
size -= sizeof(const struct snd_ctl_tlv);
^
sound/soc/sof/control.c:436:7: style: Variable 'size' is assigned a
value that is never used. [unreadVariable]
size -= sizeof(const struct snd_ctl_tlv);
Somehow we dropped the checks for the size argument when upstreaming
the code, somewhere between v5 and v6.
Re-add a size check to avoid providing userspace with more data that
it asked for.
Also fix all error codes, we should return -ENOSPC instead of -EINVAL.
Fixes: c3078f5397046 ('ASoC: SOF: Add Sound Open Firmware KControl support')
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart at linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan at linux.intel.com>
Reviewed-by: Guennadi Liakhovetski <guennadi.liakhovetski at linux.intel.com>
Signed-off-by: Kai Vehmanen <kai.vehmanen at linux.intel.com>
---
sound/soc/sof/control.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/control.c b/sound/soc/sof/control.c
index 58f8c998e6af..8d499d0e331d 100644
--- a/sound/soc/sof/control.c
+++ b/sound/soc/sof/control.c
@@ -432,7 +432,9 @@ int snd_sof_bytes_ext_get(struct snd_kcontrol *kcontrol,
* Decrement the limit by ext bytes header size to
* ensure the user space buffer is not exceeded.
*/
- size -= sizeof(const struct snd_ctl_tlv);
+ if (size < sizeof(struct snd_ctl_tlv))
+ return -ENOSPC;
+ size -= sizeof(struct snd_ctl_tlv);
/* set the ABI header values */
cdata->data->magic = SOF_ABI_MAGIC;
@@ -448,6 +450,10 @@ int snd_sof_bytes_ext_get(struct snd_kcontrol *kcontrol,
data_size = cdata->data->size + sizeof(const struct sof_abi_hdr);
+ /* make sure we don't exceed size provided by user space for data */
+ if (data_size > size)
+ return -ENOSPC;
+
header.numid = scontrol->cmd;
header.length = data_size;
if (copy_to_user(tlvd, &header, sizeof(const struct snd_ctl_tlv)))
--
2.27.0
More information about the Alsa-devel
mailing list