From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Lars-Peter Clausen <lars@metafoo.de>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 3.4 23/26] ALSA: control: Make sure that id->index does not overflow
Date: Tue, 24 Jun 2014 11:50:46 -0400 [thread overview]
Message-ID: <20140624154620.597923994@linuxfoundation.org> (raw)
In-Reply-To: <20140624154619.499002156@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.
The ALSA control code expects that the range of assigned indices to a control is
continuous and does not overflow. Currently there are no checks to enforce this.
If a control with a overflowing index range is created that control becomes
effectively inaccessible and unremovable since snd_ctl_find_id() will not be
able to find it. This patch adds a check that makes sure that controls with a
overflowing index range can not be created.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/control.c | 3 +++
1 file changed, 3 insertions(+)
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -341,6 +341,9 @@ int snd_ctl_add(struct snd_card *card, s
if (snd_BUG_ON(!card || !kcontrol->info))
goto error;
id = kcontrol->id;
+ if (id.index > UINT_MAX - kcontrol->count)
+ goto error;
+
down_write(&card->controls_rwsem);
if (snd_ctl_find_id(card, &id)) {
up_write(&card->controls_rwsem);
next prev parent reply other threads:[~2014-06-24 16:51 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-24 15:50 [PATCH 3.4 00/26] 3.4.95-stable review Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 01/26] iscsi-target: Reject mutual authentication with reflected CHAP_C Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 02/26] evm: prohibit userspace writing security.evm HMAC value Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 03/26] net: tunnels - enable module autoloading Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 04/26] net: fix inet_getid() and ipv6_select_ident() bugs Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 05/26] team: fix mtu setting Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 06/26] sctp: Fix sk_ack_backlog wrap-around problem Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 07/26] mlx4_core: Stash PCI ID driver_data in mlx4_priv structure Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 08/26] net/mlx4_core: Preserve pci_dev_data after __mlx4_remove_one() Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 09/26] netlink: rate-limit leftover bytes warning and print process name Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 10/26] USB: cdc-acm: fix write and suspend race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 11/26] USB: cdc-acm: fix write and resume race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 12/26] USB: cdc-acm: fix broken runtime suspend Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 13/26] USB: cdc-acm: fix runtime PM for control messages Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 14/26] USB: cdc-acm: fix shutdown and suspend race Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 15/26] USB: cdc-acm: fix I/O after failed open Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 16/26] USB: cdc-acm: fix runtime PM imbalance at shutdown Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 17/26] nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 18/26] ALSA: hda/realtek - Add support of ALC891 codec Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 19/26] ALSA: control: Protect user controls against concurrent access Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 20/26] ALSA: control: Fix replacing user controls Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 21/26] ALSA: control: Dont access controls outside of protected regions Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 22/26] ALSA: control: Handle numid overflow Greg Kroah-Hartman
2014-06-24 15:50 ` Greg Kroah-Hartman [this message]
2014-06-24 15:50 ` [PATCH 3.4 24/26] lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 25/26] lib/lzo: Update LZO compression to current upstream version Greg Kroah-Hartman
2014-06-24 15:50 ` [PATCH 3.4 26/26] lzo: properly check for overruns Greg Kroah-Hartman
2014-06-24 19:50 ` [PATCH 3.4 00/26] 3.4.95-stable review Shuah Khan
2014-06-24 23:25 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140624154620.597923994@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=lars@metafoo.de \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.