[PATCH] ASoC: max9759: fix underflow in speaker_gain_control_put()
Dan Carpenter
dan.carpenter at oracle.com
Wed Jan 19 13:31:01 CET 2022
Check for negative values of "priv->gain" to prevent an out of bounds
access. The concern is that these might come from the user via:
-> snd_ctl_elem_write_user()
-> snd_ctl_elem_write()
-> kctl->put()
Fixes: fa8d915172b8 ("ASoC: max9759: Add Amplifier Driver")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
>From static analysis. Not tested.
This patch is obviously harmless but I sometimes get confused about
these sound get()/put() functions. I have some code in Smatch which is
supposed to manually suppress warnings from snd_ctl_elem_write() but it
was four years old and has bitrotted so that's how I got this warning.
So I remember these as being false positives where Smatch gets confused
but when I searched my mailbox I just see similar patches which were
applied.
sound/soc/codecs/max9759.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/max9759.c b/sound/soc/codecs/max9759.c
index d75fd61b9032..bc57d7687f16 100644
--- a/sound/soc/codecs/max9759.c
+++ b/sound/soc/codecs/max9759.c
@@ -64,7 +64,8 @@ static int speaker_gain_control_put(struct snd_kcontrol *kcontrol,
struct snd_soc_component *c = snd_soc_kcontrol_component(kcontrol);
struct max9759 *priv = snd_soc_component_get_drvdata(c);
- if (ucontrol->value.integer.value[0] > 3)
+ if (ucontrol->value.integer.value[0] < 0 ||
+ ucontrol->value.integer.value[0] > 3)
return -EINVAL;
priv->gain = ucontrol->value.integer.value[0];
--
2.20.1
More information about the Alsa-devel
mailing list