ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0

When a TLV ioctl with numid zero is handled, the driver may spew a kernel warning with a stack trace at each call. The check was intended obviously only for a kernel driver, but not for a user interaction. Let's fix it. This was spotted by syzkaller fuzzer. Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
author: Takashi Iwai <tiwai@suse.de> 2016-01-18 14:12:40 +0100
committer: Takashi Iwai <tiwai@suse.de> 2016-01-18 14:40:07 +0100
commit: c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762 (patch)
tree: d8429b3e98516f34c872fc91e2537d2013305e9a
parent: 9586495dc3011a80602329094e746dbce16cb1f1 (diff)
download: linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.tar.gz
linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.tar.bz2
linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/core/control.c b/sound/core/control.c
index 196a6fe100ca..a85d45595d02 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
 		return -EFAULT;
 	if (tlv.length < sizeof(unsigned int) * 2)
 		return -EINVAL;
+	if (!tlv.numid)
+		return -EINVAL;
 	down_read(&card->controls_rwsem);
 	kctl = snd_ctl_find_numid(card, tlv.numid);
 	if (kctl == NULL) {
author	Takashi Iwai <tiwai@suse.de>	2016-01-18 14:12:40 +0100
committer	Takashi Iwai <tiwai@suse.de>	2016-01-18 14:40:07 +0100
commit	c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762 (patch)
tree	d8429b3e98516f34c872fc91e2537d2013305e9a
parent	9586495dc3011a80602329094e746dbce16cb1f1 (diff)
download	linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.tar.gz linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.tar.bz2 linux-c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762.zip