From aa299d01f1c2e680e40813b63f8dfb46c79ea715 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Thu, 15 Nov 2007 13:16:02 +0100 Subject: [ALSA] emu10k1 - Check value ranges in ctl callbacks Check value ranges in ctl callbacks properly. This fixes the unexpected crash due to wrong value assignment. Also, remove invalid comments in the last patch. Signed-off-by: Takashi Iwai Signed-off-by: Jaroslav Kysela --- sound/pci/emu10k1/emumixer.c | 23 ++++++++++------------- sound/pci/emu10k1/p16v.c | 4 ++++ 2 files changed, 14 insertions(+), 13 deletions(-) (limited to 'sound/pci/emu10k1') diff --git a/sound/pci/emu10k1/emumixer.c b/sound/pci/emu10k1/emumixer.c index 88eab4a461b..ccacd7b890e 100644 --- a/sound/pci/emu10k1/emumixer.c +++ b/sound/pci/emu10k1/emumixer.c @@ -293,12 +293,15 @@ static int snd_emu1010_output_source_put(struct snd_kcontrol *kcontrol, unsigned int val; unsigned int channel; + val = ucontrol->value.enumerated.item[0]; + if (val >= 53) + return -EINVAL; channel = (kcontrol->private_value) & 0xff; /* Limit: emu1010_output_dst, emu->emu1010.output_source */ if (channel >= 24) return -EINVAL; - if (emu->emu1010.output_source[channel] != ucontrol->value.enumerated.item[0]) { - val = emu->emu1010.output_source[channel] = ucontrol->value.enumerated.item[0]; + if (emu->emu1010.output_source[channel] != val) { + emu->emu1010.output_source[channel] = val; change = 1; snd_emu1010_fpga_link_dst_src_write(emu, emu1010_output_dst[channel], emu1010_src_regs[val]); @@ -328,12 +331,15 @@ static int snd_emu1010_input_source_put(struct snd_kcontrol *kcontrol, unsigned int val; unsigned int channel; + val = ucontrol->value.enumerated.item[0]; + if (val >= 53) + return -EINVAL; channel = (kcontrol->private_value) & 0xff; /* Limit: emu1010_input_dst, emu->emu1010.input_source */ if (channel >= 22) return -EINVAL; - if (emu->emu1010.input_source[channel] != ucontrol->value.enumerated.item[0]) { - val = emu->emu1010.input_source[channel] = ucontrol->value.enumerated.item[0]; + if (emu->emu1010.input_source[channel] != val) { + emu->emu1010.input_source[channel] = val; change = 1; snd_emu1010_fpga_link_dst_src_write(emu, emu1010_input_dst[channel], emu1010_src_regs[val]); @@ -1083,7 +1089,6 @@ static int snd_emu10k1_send_volume_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int change = 0, idx, val; @@ -1136,7 +1141,6 @@ static int snd_emu10k1_attn_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; unsigned long flags; @@ -1154,7 +1158,6 @@ static int snd_emu10k1_attn_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int change = 0, idx, val; @@ -1207,7 +1210,6 @@ static int snd_emu10k1_efx_send_routing_get(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int idx; @@ -1227,7 +1229,6 @@ static int snd_emu10k1_efx_send_routing_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, idx, val; @@ -1279,7 +1280,6 @@ static int snd_emu10k1_efx_send_volume_get(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int idx; @@ -1297,7 +1297,6 @@ static int snd_emu10k1_efx_send_volume_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, idx, val; @@ -1346,7 +1345,6 @@ static int snd_emu10k1_efx_attn_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; unsigned long flags; @@ -1362,7 +1360,6 @@ static int snd_emu10k1_efx_attn_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, val; diff --git a/sound/pci/emu10k1/p16v.c b/sound/pci/emu10k1/p16v.c index d619a3842cd..9fd3135f311 100644 --- a/sound/pci/emu10k1/p16v.c +++ b/sound/pci/emu10k1/p16v.c @@ -742,6 +742,8 @@ static int snd_p16v_capture_source_put(struct snd_kcontrol *kcontrol, u32 source; val = ucontrol->value.enumerated.item[0] ; + if (val > 7) + return -EINVAL; change = (emu->p16v_capture_source != val); if (change) { emu->p16v_capture_source = val; @@ -784,6 +786,8 @@ static int snd_p16v_capture_channel_put(struct snd_kcontrol *kcontrol, u32 tmp; val = ucontrol->value.enumerated.item[0] ; + if (val > 3) + return -EINVAL; change = (emu->p16v_capture_channel != val); if (change) { emu->p16v_capture_channel = val; -- cgit v1.2.3-70-g09d2