git.fsl.cs.sunysb.edu Git - wrapfs-5.3.y.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Thu, 18 Nov 2021 21:57:29 +0000 (22:57 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 8 Dec 2021 07:46:47 +0000 (08:46 +0100)
commit	fcf9e1df5a5fcdf6df8840c7f376629ffd2713a0
tree	3badd1ef881f1de520edf34954c3d922ceae16b3	tree \| snapshot
parent	db918af2a64a892aa8eba7f9f34da3e3c96e76f3	commit \| diff

ALSA: ctxfi: Fix out-of-range access

commit 76c47183224c86e4011048b80f0e2d0d166f01c2 upstream.

The master and next_conj of rcs_ops are used for iterating the
resource list entries, and currently those are supposed to return the
current value.  The problem is that next_conf may go over the last
entry before the loop abort condition is evaluated, and it may return
the "current" value that is beyond the array size.  It was caught
recently as a GPF, for example.

Those return values are, however, never actually evaluated, hence
basically we don't have to consider the current value as the return at
all.  By dropping those return values, the potential out-of-range
access above is also fixed automatically.

This patch changes the return type of master and next_conj callbacks
to void and drop the superfluous code accordingly.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=214985
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211118215729.26257-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sound/pci/ctxfi/ctamixer.c		diff \| blob \| history
sound/pci/ctxfi/ctdaio.c		diff \| blob \| history
sound/pci/ctxfi/ctresource.c		diff \| blob \| history
sound/pci/ctxfi/ctresource.h		diff \| blob \| history
sound/pci/ctxfi/ctsrc.c		diff \| blob \| history