Commit 6a32425f authored by Artemii Karasev's avatar Artemii Karasev Committed by Takashi Iwai

ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()

snd_emux_xg_control() can be called with an argument 'param' greater
than size of 'control' array. It may lead to accessing 'control'
array at a wrong index.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: default avatarArtemii Karasev <karasev@ispras.ru>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230207132026.2870-1-karasev@ispras.ruSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 6c4715aa
...@@ -349,6 +349,9 @@ int ...@@ -349,6 +349,9 @@ int
snd_emux_xg_control(struct snd_emux_port *port, struct snd_midi_channel *chan, snd_emux_xg_control(struct snd_emux_port *port, struct snd_midi_channel *chan,
int param) int param)
{ {
if (param >= ARRAY_SIZE(chan->control))
return -EINVAL;
return send_converted_effect(xg_effects, ARRAY_SIZE(xg_effects), return send_converted_effect(xg_effects, ARRAY_SIZE(xg_effects),
port, chan, param, port, chan, param,
chan->control[param], chan->control[param],
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment