[PATCH] ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
Dan Carpenter
dan.carpenter at oracle.com
Thu Jul 21 12:00:42 CEST 2022
On Thu, Jul 21, 2022 at 11:02:22AM +0200, Christophe JAILLET wrote:
> find_first_zero_bit() returns MAX_COPPS_PER_PORT at max here.
> So 'idx' should be tested with ">=" or the test can't match.
>
> Fixes: 7b20b2be51e1 ("ASoC: qdsp6: q6adm: Add q6adm driver")
> Signed-off-by: Christophe JAILLET <christophe.jaillet at wanadoo.fr>
> ---
> sound/soc/qcom/qdsp6/q6adm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sound/soc/qcom/qdsp6/q6adm.c b/sound/soc/qcom/qdsp6/q6adm.c
> index 01f383888b62..1530e98df165 100644
> --- a/sound/soc/qcom/qdsp6/q6adm.c
> +++ b/sound/soc/qcom/qdsp6/q6adm.c
> @@ -217,7 +217,7 @@ static struct q6copp *q6adm_alloc_copp(struct q6adm *adm, int port_idx)
> idx = find_first_zero_bit(&adm->copp_bitmap[port_idx],
> MAX_COPPS_PER_PORT);
>
> - if (idx > MAX_COPPS_PER_PORT)
> + if (idx >= MAX_COPPS_PER_PORT)
> return ERR_PTR(-EBUSY);
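Review bot: the changelog should say what the old `idx > MAX_COPPS_PER_PORT` test let through. find_first_zero_bit() returns its size argument when no bit is clear, so with a full copp_bitmap[port_idx] the value of idx equals MAX_COPPS_PER_PORT and execution continued past the `return ERR_PTR(-EBUSY)`. The context shown ends at that return, so a sentence naming the first out-of-range use of idx would help anyone judging the impact for backports. The `>=` comparison itself matches the size passed on the preceding line.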

Harshit asked me to write a Smatch check to prevent this bug in the
future. I got his email before I got your patch. :P Attached.

sound/soc/qcom/qdsp6/q6adm.c:220 q6adm_alloc_copp() warn: impossible find_next_bit condition

I'll probably try to make this check more generic, but even the simple
find_first_zero_bit() version will probably find bugs in the future and
it was pretty simple to write.

regards,
dan carpenter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_find_next_bit_off_by_one.c
Type: text/x-csrc
Size: 1749 bytes
Desc: not available
URL: <http://mailman.alsa-project.org/pipermail/alsa-devel/attachments/20220721/f8f02d8e/attachment.bin>
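
The off-by-one discussed in this thread, as an added userspace example that is not code from the driver, the patch, or the scrubbed Smatch attachment. `model_find_first_zero_bit()` is a stand-in for the kernel helper, and the value of `MAX_COPPS_PER_PORT` and both `alloc_idx_*` functions are constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed value for this example; the page does not give the real one. */
#define MAX_COPPS_PER_PORT 8

/* Userspace stand-in for the kernel helper: index of the first clear bit,
 * or 'size' itself when every bit in [0, size) is already set. */
static unsigned long model_find_first_zero_bit(const unsigned long *map,
                                               unsigned long size)
{
    const unsigned long bpl = sizeof(unsigned long) * CHAR_BIT;

    for (unsigned long i = 0; i < size; i++)
        if (!(map[i / bpl] & (1UL << (i % bpl))))
            return i;
    return size;
}

/* Check as it stood before the patch: idx never exceeds the size argument,
 * so '>' cannot match and a full bitmap yields an out-of-range slot. */
static int alloc_idx_before(unsigned long *map)
{
    unsigned long idx = model_find_first_zero_bit(map, MAX_COPPS_PER_PORT);
    if (idx > MAX_COPPS_PER_PORT)
        return -EBUSY;
    map[0] |= 1UL << idx;   /* claims bit MAX_COPPS_PER_PORT when full */
    return (int)idx;
}

/* Check as it stands after the patch: "no free bit" is caught. */
static int alloc_idx_after(unsigned long *map)
{
    unsigned long idx = model_find_first_zero_bit(map, MAX_COPPS_PER_PORT);
    if (idx >= MAX_COPPS_PER_PORT)
        return -EBUSY;
    map[0] |= 1UL << idx;
    return (int)idx;
}

int main(void)
{
    unsigned long map = (1UL << MAX_COPPS_PER_PORT) - 1; /* every slot taken */

    printf("after:  %d\n", alloc_idx_after(&map));
    printf("before: %d\n", alloc_idx_before(&map));
    return 0;
}
```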