| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Feb 2023 18:20:26 +0500
From: Artemii Karasev <karasev@...ras.ru>
To: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>
Cc: Artemii Karasev <karasev@...ras.ru>, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: [PATCH] ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
snd_emux_xg_control() can be called with an argument 'param' greater
than size of 'control' array. It may lead to accessing 'control'
array at a wrong index.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Artemii Karasev <karasev@...ras.ru>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
---
sound/synth/emux/emux_nrpn.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/synth/emux/emux_nrpn.c b/sound/synth/emux/emux_nrpn.c
index 8056422ed7c5..9e6414f78e4b 100644
--- a/sound/synth/emux/emux_nrpn.c
+++ b/sound/synth/emux/emux_nrpn.c
@@ -349,6 +349,9 @@ int
snd_emux_xg_control(struct snd_emux_port *port, struct snd_midi_channel *chan,
int param)
{
+ if (param >= ARRAY_SIZE(chan->control))
+ return -EINVAL;
+
return send_converted_effect(xg_effects, ARRAY_SIZE(xg_effects),
port, chan, param,
chan->control[param],
--
2.34.1
Powered by blists - more mailing lists