From 12626530de84d2b00ff6480142f7f4374662c0c3 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 20 May 2022 09:55:37 -0700 Subject: [PATCH] ALSA: lola: Bounds check loop iterator against streams array size GCC 12 sees that it's technically possible for num_streams to be larger than ARRAY_SIZE(pcm->streams). Bounds-check the iterator. ../sound/pci/lola/lola_pcm.c: In function 'lola_pcm_update': ../sound/pci/lola/lola_pcm.c:567:64: warning: array subscript [0, 31] is outside array bounds of 'struct lola_stream[16]' [-Warray-bounds] 567 | struct lola_stream *str = &pcm->streams[i]; | ~~~~~~~~~~~~^~~ In file included from ../sound/pci/lola/lola_pcm.c:15: ../sound/pci/lola/lola.h:307:28: note: while referencing 'streams' 307 | struct lola_stream streams[MAX_STREAM_COUNT]; | ^~~~~~~ Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20220520165537.2139826-1-keescook@chromium.org Signed-off-by: Takashi Iwai --- sound/pci/lola/lola_pcm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/pci/lola/lola_pcm.c b/sound/pci/lola/lola_pcm.c index 738ec987000a..32193fae978d 100644 --- a/sound/pci/lola/lola_pcm.c +++ b/sound/pci/lola/lola_pcm.c @@ -561,8 +561,9 @@ static snd_pcm_uframes_t lola_pcm_pointer(struct snd_pcm_substream *substream) void lola_pcm_update(struct lola *chip, struct lola_pcm *pcm, unsigned int bits) { int i; + u8 num_streams = min_t(u8, pcm->num_streams, ARRAY_SIZE(pcm->streams)); - for (i = 0; bits && i < pcm->num_streams; i++) { + for (i = 0; bits && i < num_streams; i++) { if (bits & (1 << i)) { struct lola_stream *str = &pcm->streams[i]; if (str->substream && str->running)