projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f7a6021)
ASoC: max9759: fix underflow in speaker_gain_control_put()
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 19 Jan 2022 12:31:01 +0000 (15:31 +0300)
committerMark Brown <broonie@kernel.org>
Wed, 19 Jan 2022 16:47:36 +0000 (16:47 +0000)
Check for negative values of "priv->gain" to prevent an out of bounds
access.  The concern is that these might come from the user via:
  -> snd_ctl_elem_write_user()
    -> snd_ctl_elem_write()
      -> kctl->put()

Fixes: fa8d915172b8 ("ASoC: max9759: Add Amplifier Driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20220119123101.GA9509@kili
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/codecs/max9759.c patch | blob | history

diff --git a/sound/soc/codecs/max9759.c b/sound/soc/codecs/max9759.c
index d75fd61b90321bee1029490f4f39f48f3f78fd5d..bc57d7687f16a0cee010c65cf19f25b0b3574800 100644 (file)
--- a/sound/soc/codecs/max9759.c
+++ b/sound/soc/codecs/max9759.c
@@ -64,7 +64,8 @@ static int speaker_gain_control_put(struct snd_kcontrol *kcontrol,
        struct snd_soc_component *c = snd_soc_kcontrol_component(kcontrol);
        struct max9759 *priv = snd_soc_component_get_drvdata(c);
 
-       if (ucontrol->value.integer.value[0] > 3)
+       if (ucontrol->value.integer.value[0] < 0 ||
+           ucontrol->value.integer.value[0] > 3)
                return -EINVAL;
 
        priv->gain = ucontrol->value.integer.value[0];
ep93xx device tree rework repo: git://git.maquefel.me/linux.git