[ALSA] emu10k1 - Check value ranges in ctl callbacks Check value ranges in ctl callbacks properly. This fixes the unexpected crash due to wrong value assignment. Also, remove invalid comments in the last patch. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>

commit: aa299d01f1c2e680e40813b63f8dfb46c79ea715 [log] [tgz]
author: Takashi Iwai <tiwai@suse.de> Thu Nov 15 13:16:02 2007 +0100
committer: Mercurial server <hg@alsa0.alsa-project.org> Tue Nov 20 20:03:39 2007 +0100
tree: 7d8aa11cf32d807faa8d971029d7d174dab63c06
parent: 74415a36767d99d3adf31b4a62e4e50725e6b66a [diff]
diff --git a/sound/pci/emu10k1/emumixer.c b/sound/pci/emu10k1/emumixer.c
index 88eab4a..ccacd7b 100644
--- a/sound/pci/emu10k1/emumixer.c
+++ b/sound/pci/emu10k1/emumixer.c

@@ -293,12 +293,15 @@
 	unsigned int val;
 	unsigned int channel;
 
+	val = ucontrol->value.enumerated.item[0];
+	if (val >= 53)
+		return -EINVAL;
 	channel = (kcontrol->private_value) & 0xff;
 	/* Limit: emu1010_output_dst, emu->emu1010.output_source */
 	if (channel >= 24)
 		return -EINVAL;
-	if (emu->emu1010.output_source[channel] != ucontrol->value.enumerated.item[0]) {
-		val = emu->emu1010.output_source[channel] = ucontrol->value.enumerated.item[0];
+	if (emu->emu1010.output_source[channel] != val) {
+		emu->emu1010.output_source[channel] = val;
 		change = 1;
 		snd_emu1010_fpga_link_dst_src_write(emu,
 			emu1010_output_dst[channel], emu1010_src_regs[val]);
@@ -328,12 +331,15 @@
 	unsigned int val;
 	unsigned int channel;
 
+	val = ucontrol->value.enumerated.item[0];
+	if (val >= 53)
+		return -EINVAL;
 	channel = (kcontrol->private_value) & 0xff;
 	/* Limit: emu1010_input_dst, emu->emu1010.input_source */
 	if (channel >= 22)
 		return -EINVAL;
-	if (emu->emu1010.input_source[channel] != ucontrol->value.enumerated.item[0]) {
-		val = emu->emu1010.input_source[channel] = ucontrol->value.enumerated.item[0];
+	if (emu->emu1010.input_source[channel] != val) {
+		emu->emu1010.input_source[channel] = val;
 		change = 1;
 		snd_emu1010_fpga_link_dst_src_write(emu,
 			emu1010_input_dst[channel], emu1010_src_regs[val]);
@@ -1083,7 +1089,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	int change = 0, idx, val;
@@ -1136,7 +1141,6 @@
                                 struct snd_ctl_elem_value *ucontrol)
 {
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	unsigned long flags;
@@ -1154,7 +1158,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	int change = 0, idx, val;
@@ -1207,7 +1210,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	int idx;
@@ -1227,7 +1229,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
 	struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
 	int change = 0, idx, val;
@@ -1279,7 +1280,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	int idx;
@@ -1297,7 +1297,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
 	struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
 	int change = 0, idx, val;
@@ -1346,7 +1345,6 @@
                                 struct snd_ctl_elem_value *ucontrol)
 {
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	struct snd_emu10k1_pcm_mixer *mix =
 		&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
 	unsigned long flags;
@@ -1362,7 +1360,6 @@
 {
 	unsigned long flags;
 	struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
-	/* FIXME: Check limits */
 	int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
 	struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
 	int change = 0, val;

diff --git a/sound/pci/emu10k1/p16v.c b/sound/pci/emu10k1/p16v.c
index d619a38..9fd3135 100644
--- a/sound/pci/emu10k1/p16v.c
+++ b/sound/pci/emu10k1/p16v.c

@@ -742,6 +742,8 @@
 	u32 source;
 
 	val = ucontrol->value.enumerated.item[0] ;
+	if (val > 7)
+		return -EINVAL;
 	change = (emu->p16v_capture_source != val);
 	if (change) {
 		emu->p16v_capture_source = val;
@@ -784,6 +786,8 @@
 	u32 tmp;
 
 	val = ucontrol->value.enumerated.item[0] ;
+	if (val > 3)
+		return -EINVAL;
 	change = (emu->p16v_capture_channel != val);
 	if (change) {
 		emu->p16v_capture_channel = val;
commit	aa299d01f1c2e680e40813b63f8dfb46c79ea715	[log] [tgz]
author	Takashi Iwai <tiwai@suse.de>	Thu Nov 15 13:16:02 2007 +0100
committer	Mercurial server <hg@alsa0.alsa-project.org>	Tue Nov 20 20:03:39 2007 +0100
tree	7d8aa11cf32d807faa8d971029d7d174dab63c06
parent	74415a36767d99d3adf31b4a62e4e50725e6b66a [diff]