asoc: codec: add range check to avoid overflow

Add range check for ucontrol value to avoid array overflow. Change-Id: I7b699519bec6f605e5ca5ece8f67badbefc7a094 Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
2021-03-08 16:02:28 +05:30
parent 2f7a802e67
commit 77ac79f6c7
3 changed files with 47 additions and 19 deletions
--- a/asoc/codecs/swr-dmic.c
+++ b/asoc/codecs/swr-dmic.c
@@ -160,7 +160,7 @@ static int swr_dmic_tx_master_port_put(struct snd_kcontrol *kcontrol,
 				snd_soc_kcontrol_component(kcontrol);
 	struct swr_dmic_priv *swr_dmic = snd_soc_component_get_drvdata(component);
 	int ret = 0;
-	int slave_port_idx;
+	unsigned int slave_port_idx = SWR_DMIC_MAX_PORTS, idx = 0;

 	ret  = swr_dmic_tx_get_slave_port_type_idx(kcontrol->id.name,
 							&slave_port_idx);
@@ -169,8 +169,12 @@ static int swr_dmic_tx_master_port_put(struct snd_kcontrol *kcontrol,
 		return ret;
 	}

+	idx = ucontrol->value.enumerated.item[0];
+	if (idx < 0 || idx >= ARRAY_SIZE(swr_master_channel_map))
+		return -EINVAL;
+
 	swr_dmic->tx_master_port_map[slave_port_idx] =
-		swr_master_channel_map[ucontrol->value.enumerated.item[0]];
+			swr_master_channel_map[idx];
 	dev_dbg(component->dev, "%s: slv port id: %d, master_port_type: %d\n",
 		__func__, slave_port_idx,
 		swr_dmic->tx_master_port_map[slave_port_idx]);