[lvc-project] ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
Артемий Карасев
karasev at ispras.ru
Fri Feb 3 09:00:24 MSK 2023
In snd_emux_control() method "snd_emux_port" can be passed with
field chset.midi_mode == SNDRV_MIDI_MODE_XG. The "type" can be
MIDI_CTL_PITCHBEND or MIDI_CTL_CHAN_PRESSURE.
It may lead to accessing 'control' array of size 128 with
MIDI_CTL_PITCHBEND (0x80) or MIDI_CTL_CHAN_PRESSURE (0x82) index.
How can we prevent this? Would it be a good solution to place code like this
before call snd_emux_xg_control()?
if (type == MIDI_CTL_PITCHBEND || type == MIDI_CTL_CHAN_PRESSURE){
return;
}
Found by Linux Verification Center (linuxtesting.org) with SVACE.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20230203/fecb95f0/attachment.html>
More information about the lvc-project
mailing list