ALSA: control: Re-order bounds checking in get_ctl_id_hash()

These two checks are in the reverse order so it might read one element beyond the end of the array. First check if the "i" is within bounds before using it. Fixes: 6ab55ec0 ("ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash()") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/YwjgNh/gkG1hH7po@kiliSigned-off-by: Takashi Iwai <tiwai@suse.de>

ALSA: control: Re-order bounds checking in get_ctl_id_hash()
These two checks are in the reverse order so it might read one element beyond the end of the array. First check if the "i" is within bounds before using it. Fixes: 6ab55ec0 ("ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash()") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/YwjgNh/gkG1hH7po@kiliSigned-off-by: Takashi Iwai <tiwai@suse.de>
5934d9a0 · Dan Carpenter · Takashi Iwai · 6ab55ec0 · 5934d9a0
Commit 5934d9a0 authored Aug 26, 2022 by Dan Carpenter Committed by Takashi Iwai Aug 26, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

sound/core/control.c sound/core/control.c +1 -1

No files found.
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -391,7 +391,7 @@ static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id)
 	h = id->iface;
 	h = MULTIPLIER * h + id->device;
 	h = MULTIPLIER * h + id->subdevice;
-	for (i = 0; id->name[i] && i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN; i++)
+	for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++)
 		h = MULTIPLIER * h + id->name[i];
 	h = MULTIPLIER * h + id->index;
 	h &= LONG_MAX;