diff options
author | Takashi Iwai <tiwai@suse.de> | 2016-01-18 14:12:40 +0100 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2016-01-18 14:40:07 +0100 |
commit | c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762 (patch) | |
tree | d8429b3e98516f34c872fc91e2537d2013305e9a | |
parent | 9586495dc3011a80602329094e746dbce16cb1f1 (diff) | |
download | lwn-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.tar.gz lwn-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.zip |
ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
When a TLV ioctl with numid zero is handled, the driver may spew a
kernel warning with a stack trace at each call. The check was
intended obviously only for a kernel driver, but not for a user
interaction. Let's fix it.
This was spotted by syzkaller fuzzer.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r-- | sound/core/control.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/core/control.c b/sound/core/control.c index 196a6fe100ca..a85d45595d02 100644 --- a/sound/core/control.c +++ b/sound/core/control.c @@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, return -EFAULT; if (tlv.length < sizeof(unsigned int) * 2) return -EINVAL; + if (!tlv.numid) + return -EINVAL; down_read(&card->controls_rwsem); kctl = snd_ctl_find_numid(card, tlv.numid); if (kctl == NULL) { |