asoc: codec: add range check to avoid overflow

Add range check for ucontrol value to avoid array overflow. Change-Id: I7b699519bec6f605e5ca5ece8f67badbefc7a094 Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
2021-03-08 16:02:28 +05:30
--- a/asoc/codecs/wcd938x/wcd938x.c
+++ b/asoc/codecs/wcd938x/wcd938x.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
- * Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2018-2021, The Linux Foundation. All rights reserved.
 */

 #include <linux/module.h>
@@ -2942,7 +2942,7 @@ static int wcd938x_tx_master_ch_put(struct snd_kcontrol *kcontrol,
 	struct snd_soc_component *component =
 				snd_soc_kcontrol_component(kcontrol);
 	struct wcd938x_priv *wcd938x = NULL;
-	int slave_ch_idx = -EINVAL;
+	int slave_ch_idx = -EINVAL, idx = 0;

 	if (component == NULL)
 		return -EINVAL;
@@ -2960,8 +2960,11 @@ static int wcd938x_tx_master_ch_put(struct snd_kcontrol *kcontrol,
 	dev_dbg(component->dev, "%s: ucontrol->value.enumerated.item[0] = %ld\n",
 			__func__, ucontrol->value.enumerated.item[0]);

-	wcd938x->tx_master_ch_map[slave_ch_idx] = wcd938x_slave_get_master_ch(
-				ucontrol->value.enumerated.item[0]);
+	idx = ucontrol->value.enumerated.item[0];
+	if (idx < 0 || idx >= ARRAY_SIZE(swr_master_ch_map))
+		return -EINVAL;
+
+	wcd938x->tx_master_ch_map[slave_ch_idx] = wcd938x_slave_get_master_ch(idx);
 	return 0;
 }