OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ALSA: control: Re-order bounds checking in get_ctl_id_hash() 

These two checks are in the reverse order so it might read one element
beyond the end of the array.  First check if the "i" is within bounds
before using it.

Fixes: 6ab55ec0a9 ("ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash()")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YwjgNh/gkG1hH7po@kili
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Dan Carpenter 2022-08-26 18:01:10 +03:00 committed by Takashi Iwai
parent 6ab55ec0a9
commit 5934d9a038
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sound/core/control.c
View File

@ -391,7 +391,7 @@ static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id)
h = id->iface; h = id->iface;
h = MULTIPLIER * h + id->device; h = MULTIPLIER * h + id->device;
h = MULTIPLIER * h + id->subdevice; h = MULTIPLIER * h + id->subdevice;
for (i = 0; id->name[i] && i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN; i++) for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++)
h = MULTIPLIER * h + id->name[i]; h = MULTIPLIER * h + id->name[i];
h = MULTIPLIER * h + id->index; h = MULTIPLIER * h + id->index;
h &= LONG_MAX; h &= LONG_MAX;