[patch] ALSA: rawmidi: cleanup the get next midi device ioctl

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dan Carpenter <error27@gmail.com>
To: Jaroslav Kysela <perex@perex.cz>
Cc: alsa-devel@alsa-project.org, Takashi Iwai <tiwai@suse.de>,
	Clemens Ladisch <clemens@ladisch.de>,
	kernel-janitors@vger.kernel.org, Kyle McMartin <kyle@mcmartin.ca>,
	Ulrich Drepper <drepper@redhat.com>
Subject: [patch] ALSA: rawmidi: cleanup the get next midi device ioctl
Date: Wed, 8 Sep 2010 10:53:08 +0200	[thread overview]
Message-ID: <20100908085308.GC32047@bicker> (raw)

I'm doing an audit to find integer overflows and my static checker
complained that in the original code "device + 1" could overflow.  The
overflow is harmless, but it's still worth cleaning up.  The other thing
that I noticed is that if you pass in a device which is higher than
SNDRV_RAWMIDI_DEVICES then it doesn't return an error code but just
tells you that the next device is "device + 1".

I have rewritten it to just return -EINVAL if you pass in a bogus value
that's either too high or too low.  

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
index eb68326..f944180 100644
--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -829,8 +829,12 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card,

 		if (get_user(device, (int __user *)argp))
 			return -EFAULT;
+		if (device < 0)
+			return -EINVAL;
+		if (device > SNDRV_RAWMIDI_DEVICES)
+			return -EINVAL;
 		mutex_lock(&register_mutex);
-		device = device < 0 ? 0 : device + 1;
+		device++;
 		while (device < SNDRV_RAWMIDI_DEVICES) {
 			if (snd_rawmidi_search(card, device))
 				break;

WARNING: multiple messages have this Message-ID (diff)

From: Dan Carpenter <error27@gmail.com>
To: Jaroslav Kysela <perex@perex.cz>
Cc: alsa-devel@alsa-project.org, Takashi Iwai <tiwai@suse.de>,
	Clemens Ladisch <clemens@ladisch.de>,
	kernel-janitors@vger.kernel.org, Kyle McMartin <kyle@mcmartin.ca>,
	Ulrich Drepper <drepper@redhat.com>
Subject: [patch] ALSA: rawmidi: cleanup the get next midi device ioctl
Date: Wed, 08 Sep 2010 08:53:08 +0000	[thread overview]
Message-ID: <20100908085308.GC32047@bicker> (raw)

I'm doing an audit to find integer overflows and my static checker
complained that in the original code "device + 1" could overflow.  The
overflow is harmless, but it's still worth cleaning up.  The other thing
that I noticed is that if you pass in a device which is higher than
SNDRV_RAWMIDI_DEVICES then it doesn't return an error code but just
tells you that the next device is "device + 1".

I have rewritten it to just return -EINVAL if you pass in a bogus value
that's either too high or too low.  

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
index eb68326..f944180 100644
--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -829,8 +829,12 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card,

 		if (get_user(device, (int __user *)argp))
 			return -EFAULT;
+		if (device < 0)
+			return -EINVAL;
+		if (device > SNDRV_RAWMIDI_DEVICES)
+			return -EINVAL;
 		mutex_lock(&register_mutex);
-		device = device < 0 ? 0 : device + 1;
+		device++;
 		while (device < SNDRV_RAWMIDI_DEVICES) {
 			if (snd_rawmidi_search(card, device))
 				break;

next             reply	other threads:[~2010-09-08  8:53 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-08  8:53 Dan Carpenter [this message]
2010-09-08  8:53 ` [patch] ALSA: rawmidi: cleanup the get next midi device ioctl Dan Carpenter
2010-09-08  9:40 ` Clemens Ladisch
2010-09-08  9:40   ` Clemens Ladisch
2010-09-08 19:36 ` [patch v2] ALSA: rawmidi: fix " Dan Carpenter
2010-09-08 19:36   ` Dan Carpenter
2010-09-08 19:56   ` Takashi Iwai
2010-09-08 19:56     ` Takashi Iwai
2010-09-08 21:29     ` Jaroslav Kysela
2010-09-08 21:29       ` Jaroslav Kysela
2010-09-08 22:11       ` [patch v3] " Dan Carpenter
2010-09-08 22:11         ` Dan Carpenter
2010-09-09  7:07         ` Takashi Iwai
2010-09-09  7:07           ` Takashi Iwai
2010-09-09  8:36           ` Jaroslav Kysela
2010-09-09  8:36             ` Jaroslav Kysela
2010-09-09  7:23         ` walter harms
2010-09-09  7:23           ` walter harms
2010-09-09  6:57       ` [patch v2] " Takashi Iwai
2010-09-09  6:57         ` Takashi Iwai
2010-09-09  7:44   ` Clemens Ladisch
2010-09-09  7:44     ` Clemens Ladisch
2010-09-09  8:46     ` Dan Carpenter
2010-09-09  8:46       ` Dan Carpenter

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:eb68326 dfblob:f944180 dfblob:eb68326 dfblob:f944180 )
 OR (
bs:"[patch] ALSA: rawmidi: cleanup the get next midi device ioctl" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100908085308.GC32047@bicker \
    --to=error27@gmail.com \
    --cc=alsa-devel@alsa-project.org \
    --cc=clemens@ladisch.de \
    --cc=drepper@redhat.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=kyle@mcmartin.ca \
    --cc=perex@perex.cz \
    --cc=tiwai@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.