Commit d967967e authored Sep 13, 2013 by Dan Carpenter Committed by Mark Brown Sep 13, 2013

ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()



This is called from snd_ctl_elem_write() with user supplied data so we
need to add some bounds checking.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org

parent 5df498a2

sound/soc/codecs/88pm860x-codec.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -349,6 +349,9 @@ static int snd_soc_put_volsw_2r_st(struct snd_kcontrol *kcontrol,
		val = ucontrol->value.integer.value[0];
		val2 = ucontrol->value.integer.value[1];

		if (val >= ARRAY_SIZE(st_table) \|\| val2 >= ARRAY_SIZE(st_table))
		return -EINVAL;

		err = snd_soc_update_bits(codec, reg, 0x3f, st_table[val].m);
		if (err < 0)
		return err;