Commit 4d6ff250 authored by Dan Carpenter's avatar Dan Carpenter Committed by Takashi Iwai

ALSA: dice: fix array limits in dice_proc_read()

The array limits are supposed to be in units of u32 instead of in bytes.
The current code has a potential array overflow.

Fixes: c614475b ('ALSA: dice: add a proc file to show device information')
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarClemens Ladisch <clemens@ladisch.de>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent eb82594b
...@@ -1019,7 +1019,7 @@ static void dice_proc_read(struct snd_info_entry *entry, ...@@ -1019,7 +1019,7 @@ static void dice_proc_read(struct snd_info_entry *entry,
if (dice_proc_read_mem(dice, &tx_rx_header, sections[2], 2) < 0) if (dice_proc_read_mem(dice, &tx_rx_header, sections[2], 2) < 0)
return; return;
quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.tx)); quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.tx) / 4);
for (stream = 0; stream < tx_rx_header.number; ++stream) { for (stream = 0; stream < tx_rx_header.number; ++stream) {
if (dice_proc_read_mem(dice, &buf.tx, sections[2] + 2 + if (dice_proc_read_mem(dice, &buf.tx, sections[2] + 2 +
stream * tx_rx_header.size, stream * tx_rx_header.size,
...@@ -1045,7 +1045,7 @@ static void dice_proc_read(struct snd_info_entry *entry, ...@@ -1045,7 +1045,7 @@ static void dice_proc_read(struct snd_info_entry *entry,
if (dice_proc_read_mem(dice, &tx_rx_header, sections[4], 2) < 0) if (dice_proc_read_mem(dice, &tx_rx_header, sections[4], 2) < 0)
return; return;
quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.rx)); quadlets = min_t(u32, tx_rx_header.size, sizeof(buf.rx) / 4);
for (stream = 0; stream < tx_rx_header.number; ++stream) { for (stream = 0; stream < tx_rx_header.number; ++stream) {
if (dice_proc_read_mem(dice, &buf.rx, sections[4] + 2 + if (dice_proc_read_mem(dice, &buf.rx, sections[4] + 2 +
stream * tx_rx_header.size, stream * tx_rx_header.size,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment