ALSA: atmel: Fix possible array overflow
authorTakashi Iwai <tiwai@suse.de>
Mon, 2 Dec 2013 14:07:59 +0000 (15:07 +0100)
committerTakashi Iwai <tiwai@suse.de>
Mon, 2 Dec 2013 14:10:41 +0000 (15:10 +0100)
The static checker found a possible array overflow in atmel/abdac.c:
  static checker warning: "sound/atmel/abdac.c:373 set_sample_rates()
        error: buffer overflow 'dac->rates' 6 <= 6"

This patch papers over the buggy point, by ensuring that dac->rates[]
update not overflowing the actual array size.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/atmel/abdac.c

index 872d59e35ee23583cc60a2be24afa5ba1bf3c88d..721d8fd45685f769cbc616a6ba0552b85cd5c841 100644 (file)
@@ -357,7 +357,8 @@ static int set_sample_rates(struct atmel_abdac *dac)
                if (new_rate < 0)
                        break;
                /* make sure we are below the ABDAC clock */
-               if (new_rate <= clk_get_rate(dac->pclk)) {
+               if (index < MAX_NUM_RATES &&
+                   new_rate <= clk_get_rate(dac->pclk)) {
                        dac->rates[index] = new_rate / 256;
                        index++;
                }