ALSA: ak4114: Fix wrong register array size

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The size of the register cache array is actually 6 instead of 7,
as it caches up to AK4114_REG_INT1_MASK. This resulted in unexpected
access out of array range, although most of them aren't so serious
(just reading one more byte on the stack at snd_ak4114_create()).

Also, the check of cache size was wrongly done by checking with
sizeof() instead of ARRAY_SIZE(). Fixed this together.

(And yes, hardcoded numbers are bad, but I keep the coding style as is
for making it clear what this patch actually does.)

Spotted by coverity among several CIDs, e.g. 711621.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

Takashi Iwai 12 years ago e12483e0 2026d24e

+6 -6

2 changed files

expand all

include

sound

ak4114.h

sound

i2c

other

ak4114.c

+2 -2

include/sound/ak4114.h

··· 170 170 void * private_data; 171 171 unsigned int init: 1; 172 172 spinlock_t lock; 173 - unsigned char regmap[7]; 173 + unsigned char regmap[6]; 174 174 unsigned char txcsb[5]; 175 175 struct snd_kcontrol *kctls[AK4114_CONTROLS]; 176 176 struct snd_pcm_substream *playback_substream; ··· 189 189 190 190 int snd_ak4114_create(struct snd_card *card, 191 191 ak4114_read_t *read, ak4114_write_t *write, 192 - const unsigned char pgm[7], const unsigned char txcsb[5], 192 + const unsigned char pgm[6], const unsigned char txcsb[5], 193 193 void *private_data, struct ak4114 **r_ak4114); 194 194 void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val); 195 195 void snd_ak4114_reinit(struct ak4114 *ak4114);

+4 -4

sound/i2c/other/ak4114.c

··· 60 60 61 61 printk(KERN_DEBUG "AK4114 REG DUMP:\n"); 62 62 for (i = 0; i < 0x20; i++) 63 - printk(KERN_DEBUG "reg[%02x] = %02x (%02x)\n", i, reg_read(ak4114, i), i < sizeof(ak4114->regmap) ? ak4114->regmap[i] : 0); 63 + printk(KERN_DEBUG "reg[%02x] = %02x (%02x)\n", i, reg_read(ak4114, i), i < ARRAY_SIZE(ak4114->regmap) ? ak4114->regmap[i] : 0); 64 64 } 65 65 #endif 66 66 ··· 81 81 82 82 int snd_ak4114_create(struct snd_card *card, 83 83 ak4114_read_t *read, ak4114_write_t *write, 84 - const unsigned char pgm[7], const unsigned char txcsb[5], 84 + const unsigned char pgm[6], const unsigned char txcsb[5], 85 85 void *private_data, struct ak4114 **r_ak4114) 86 86 { 87 87 struct ak4114 *chip; ··· 101 101 chip->private_data = private_data; 102 102 INIT_DELAYED_WORK(&chip->work, ak4114_stats); 103 103 104 - for (reg = 0; reg < 7; reg++) 104 + for (reg = 0; reg < 6; reg++) 105 105 chip->regmap[reg] = pgm[reg]; 106 106 for (reg = 0; reg < 5; reg++) 107 107 chip->txcsb[reg] = txcsb[reg]; ··· 142 142 /* release reset, but leave powerdown */ 143 143 reg_write(chip, AK4114_REG_PWRDN, (old | AK4114_RST) & ~AK4114_PWN); 144 144 udelay(200); 145 - for (reg = 1; reg < 7; reg++) 145 + for (reg = 1; reg < 6; reg++) 146 146 reg_write(chip, reg, chip->regmap[reg]); 147 147 for (reg = 0; reg < 5; reg++) 148 148 reg_write(chip, reg + AK4114_REG_TXCSB0, chip->txcsb[reg]);