From 15c726ea5218b4e40d2331bd8b25b85848f73c42 Mon Sep 17 00:00:00 2001 From: Vaibhav Agarwal Date: Tue, 16 Aug 2016 12:36:50 +0530 Subject: [PATCH] greybus: audio: Add check for invalid index while mapping control While mapping control id to define DAPM routes, invalid control index may cause kernel oops. Add extra check to validate index while mapping names to control_id. Signed-off-by: Vaibhav Agarwal Reviewed-by: Mark Greer Signed-off-by: Greg Kroah-Hartman --- drivers/staging/greybus/audio_codec.h | 1 + drivers/staging/greybus/audio_topology.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/drivers/staging/greybus/audio_codec.h b/drivers/staging/greybus/audio_codec.h index 0de2ad99003b..0153809e72ab 100644 --- a/drivers/staging/greybus/audio_codec.h +++ b/drivers/staging/greybus/audio_codec.h @@ -132,6 +132,7 @@ struct gbaudio_control { char *name; char *wname; const char * const *texts; + int items; struct list_head list; }; diff --git a/drivers/staging/greybus/audio_topology.c b/drivers/staging/greybus/audio_topology.c index 937529653cd3..5c5b813b75d3 100644 --- a/drivers/staging/greybus/audio_topology.c +++ b/drivers/staging/greybus/audio_topology.c @@ -64,6 +64,8 @@ static const char *gbaudio_map_controlid(struct gbaudio_module_info *module, if (control->id == control_id) { if (index == GBAUDIO_INVALID_ID) return control->name; + if (index >= control->items) + return NULL; return control->texts[index]; } } @@ -71,6 +73,8 @@ static const char *gbaudio_map_controlid(struct gbaudio_module_info *module, if (control->id == control_id) { if (index == GBAUDIO_INVALID_ID) return control->name; + if (index >= control->items) + return NULL; return control->texts[index]; } } @@ -1038,6 +1042,7 @@ static int gbaudio_tplg_create_widget(struct gbaudio_module_info *module, csize += gbenum->names_length; control->texts = (const char * const *) gb_generate_enum_strings(module, gbenum); + control->items = gbenum->items; } else csize = sizeof(struct gb_audio_control); *w_size += csize; @@ -1184,6 +1189,7 @@ static int gbaudio_tplg_process_kcontrols(struct gbaudio_module_info *module, csize += gbenum->names_length; control->texts = (const char * const *) gb_generate_enum_strings(module, gbenum); + control->items = gbenum->items; } else csize = sizeof(struct gb_audio_control); -- 2.20.1