Commit b9cee506 authored by Artemii Karasev's avatar Artemii Karasev Committed by Takashi Iwai

ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

snd_hda_get_connections() can return a negative error code.
It may lead to accessing 'conn' array at a negative index.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: default avatarArtemii Karasev <karasev@ispras.ru>
Fixes: 30b45033 ("ALSA: hda - Expose secret DAC-AA connection of some VIA codecs")
Link: https://lore.kernel.org/r/20230119082259.3634-1-karasev@ispras.ruSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent dfd5fe19
...@@ -819,6 +819,9 @@ static int add_secret_dac_path(struct hda_codec *codec) ...@@ -819,6 +819,9 @@ static int add_secret_dac_path(struct hda_codec *codec)
return 0; return 0;
nums = snd_hda_get_connections(codec, spec->gen.mixer_nid, conn, nums = snd_hda_get_connections(codec, spec->gen.mixer_nid, conn,
ARRAY_SIZE(conn) - 1); ARRAY_SIZE(conn) - 1);
if (nums < 0)
return nums;
for (i = 0; i < nums; i++) { for (i = 0; i < nums; i++) {
if (get_wcaps_type(get_wcaps(codec, conn[i])) == AC_WID_AUD_OUT) if (get_wcaps_type(get_wcaps(codec, conn[i])) == AC_WID_AUD_OUT)
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment