• Takashi Iwai's avatar
    ALSA: ctxfi: Fix out-of-range access · 76c47183
    Takashi Iwai authored
    The master and next_conj of rcs_ops are used for iterating the
    resource list entries, and currently those are supposed to return the
    current value.  The problem is that next_conf may go over the last
    entry before the loop abort condition is evaluated, and it may return
    the "current" value that is beyond the array size.  It was caught
    recently as a GPF, for example.
    
    Those return values are, however, never actually evaluated, hence
    basically we don't have to consider the current value as the return at
    all.  By dropping those return values, the potential out-of-range
    access above is also fixed automatically.
    
    This patch changes the return type of master and next_conj callbacks
    to void and drop the superfluous code accordingly.
    
    BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=214985
    Cc: <stable@vger.kernel.org>
    Link: https://lore.kernel.org/r/20211118215729.26257-1-tiwai@suse.deSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    76c47183
ctdaio.c 16.9 KB