[ALSA] emu10k1: Add mixer controls parameter checking.
Signed-off-by: James Courtier-Dutton <James@superbug.co.uk>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
diff --git a/sound/pci/emu10k1/emumixer.c b/sound/pci/emu10k1/emumixer.c
index 54a2034..88eab4a 100644
--- a/sound/pci/emu10k1/emumixer.c
+++ b/sound/pci/emu10k1/emumixer.c
@@ -58,6 +58,9 @@
unsigned int idx = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
unsigned long flags;
+ /* Limit: emu->spdif_bits */
+ if (idx >= 3)
+ return -EINVAL;
spin_lock_irqsave(&emu->reg_lock, flags);
ucontrol->value.iec958.status[0] = (emu->spdif_bits[idx] >> 0) & 0xff;
ucontrol->value.iec958.status[1] = (emu->spdif_bits[idx] >> 8) & 0xff;
@@ -272,9 +275,12 @@
struct snd_ctl_elem_value *ucontrol)
{
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
- int channel;
+ unsigned int channel;
channel = (kcontrol->private_value) & 0xff;
+ /* Limit: emu1010_output_dst, emu->emu1010.output_source */
+ if (channel >= 24)
+ return -EINVAL;
ucontrol->value.enumerated.item[0] = emu->emu1010.output_source[channel];
return 0;
}
@@ -285,9 +291,12 @@
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
int change = 0;
unsigned int val;
- int channel;
+ unsigned int channel;
channel = (kcontrol->private_value) & 0xff;
+ /* Limit: emu1010_output_dst, emu->emu1010.output_source */
+ if (channel >= 24)
+ return -EINVAL;
if (emu->emu1010.output_source[channel] != ucontrol->value.enumerated.item[0]) {
val = emu->emu1010.output_source[channel] = ucontrol->value.enumerated.item[0];
change = 1;
@@ -301,9 +310,12 @@
struct snd_ctl_elem_value *ucontrol)
{
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
- int channel;
+ unsigned int channel;
channel = (kcontrol->private_value) & 0xff;
+ /* Limit: emu1010_input_dst, emu->emu1010.input_source */
+ if (channel >= 22)
+ return -EINVAL;
ucontrol->value.enumerated.item[0] = emu->emu1010.input_source[channel];
return 0;
}
@@ -314,9 +326,12 @@
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
int change = 0;
unsigned int val;
- int channel;
+ unsigned int channel;
channel = (kcontrol->private_value) & 0xff;
+ /* Limit: emu1010_input_dst, emu->emu1010.input_source */
+ if (channel >= 22)
+ return -EINVAL;
if (emu->emu1010.input_source[channel] != ucontrol->value.enumerated.item[0]) {
val = emu->emu1010.input_source[channel] = ucontrol->value.enumerated.item[0];
change = 1;
@@ -533,6 +548,9 @@
int change = 0;
val = ucontrol->value.enumerated.item[0] ;
+ /* Limit: uinfo->value.enumerated.items = 4; */
+ if (val >= 4)
+ return -EINVAL;
change = (emu->emu1010.internal_clock != val);
if (change) {
emu->emu1010.internal_clock = val;
@@ -669,7 +687,11 @@
* update the capture volume from the cached value
* for the particular source.
*/
- source_id = ucontrol->value.enumerated.item[0]; /* Use 2 and 3 */
+ source_id = ucontrol->value.enumerated.item[0];
+ /* Limit: uinfo->value.enumerated.items = 2; */
+ /* emu->i2c_capture_volume */
+ if (source_id >= 2)
+ return -EINVAL;
change = (emu->i2c_capture_source != source_id);
if (change) {
snd_emu10k1_i2c_write(emu, ADC_MUX, 0); /* Mute input */
@@ -720,9 +742,13 @@
struct snd_ctl_elem_value *ucontrol)
{
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
- int source_id;
+ unsigned int source_id;
source_id = kcontrol->private_value;
+ /* Limit: emu->i2c_capture_volume */
+ /* capture_source: uinfo->value.enumerated.items = 2 */
+ if (source_id >= 2)
+ return -EINVAL;
ucontrol->value.integer.value[0] = emu->i2c_capture_volume[source_id][0];
ucontrol->value.integer.value[1] = emu->i2c_capture_volume[source_id][1];
@@ -735,10 +761,14 @@
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
unsigned int ogain;
unsigned int ngain;
- int source_id;
+ unsigned int source_id;
int change = 0;
source_id = kcontrol->private_value;
+ /* Limit: emu->i2c_capture_volume */
+ /* capture_source: uinfo->value.enumerated.items = 2 */
+ if (source_id >= 2)
+ return -EINVAL;
ogain = emu->i2c_capture_volume[source_id][0]; /* Left */
ngain = ucontrol->value.integer.value[0];
if (ngain > 0xff)
@@ -746,7 +776,7 @@
if (ogain != ngain) {
if (emu->i2c_capture_source == source_id)
snd_emu10k1_i2c_write(emu, ADC_ATTEN_ADCL, ((ngain) & 0xff) );
- emu->i2c_capture_volume[source_id][0] = ucontrol->value.integer.value[0];
+ emu->i2c_capture_volume[source_id][0] = ngain;
change = 1;
}
ogain = emu->i2c_capture_volume[source_id][1]; /* Right */
@@ -756,7 +786,7 @@
if (ogain != ngain) {
if (emu->i2c_capture_source == source_id)
snd_emu10k1_i2c_write(emu, ADC_ATTEN_ADCR, ((ngain) & 0xff));
- emu->i2c_capture_volume[source_id][1] = ucontrol->value.integer.value[1];
+ emu->i2c_capture_volume[source_id][1] = ngain;
change = 1;
}
@@ -877,6 +907,9 @@
unsigned int val;
unsigned long flags;
+ /* Limit: emu->spdif_bits */
+ if (idx >= 3)
+ return -EINVAL;
val = (ucontrol->value.iec958.status[0] << 0) |
(ucontrol->value.iec958.status[1] << 8) |
(ucontrol->value.iec958.status[2] << 16) |
@@ -1050,6 +1083,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
int change = 0, idx, val;
@@ -1102,6 +1136,7 @@
struct snd_ctl_elem_value *ucontrol)
{
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
unsigned long flags;
@@ -1119,6 +1154,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
int change = 0, idx, val;
@@ -1171,6 +1207,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
int idx;
@@ -1190,6 +1227,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
int change = 0, idx, val;
@@ -1241,6 +1279,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
int idx;
@@ -1258,6 +1297,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
int change = 0, idx, val;
@@ -1306,6 +1346,7 @@
struct snd_ctl_elem_value *ucontrol)
{
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
struct snd_emu10k1_pcm_mixer *mix =
&emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)];
unsigned long flags;
@@ -1321,6 +1362,7 @@
{
unsigned long flags;
struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol);
+ /* FIXME: Check limits */
int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch];
int change = 0, val;