Commit c0bcdbdf authored by Takashi Iwai's avatar Takashi Iwai

ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0

When a TLV ioctl with numid zero is handled, the driver may spew a
kernel warning with a stack trace at each call.  The check was
intended obviously only for a kernel driver, but not for a user
interaction.  Let's fix it.

This was spotted by syzkaller fuzzer.
Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 9586495d
...@@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, ...@@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
return -EFAULT; return -EFAULT;
if (tlv.length < sizeof(unsigned int) * 2) if (tlv.length < sizeof(unsigned int) * 2)
return -EINVAL; return -EINVAL;
if (!tlv.numid)
return -EINVAL;
down_read(&card->controls_rwsem); down_read(&card->controls_rwsem);
kctl = snd_ctl_find_numid(card, tlv.numid); kctl = snd_ctl_find_numid(card, tlv.numid);
if (kctl == NULL) { if (kctl == NULL) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment