From: Takashi Iwai Date: Mon, 18 Jan 2016 13:12:40 +0000 (+0100) Subject: ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0 X-Git-Tag: firefly_0821_release~3391^2~164 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=66bd949b3a3680400ff53f4f847e16ad40a9edbd;p=firefly-linux-kernel-4.4.55.git ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0 commit c0bcdbdff3ff73a54161fca3cb8b6cdbd0bb8762 upstream. When a TLV ioctl with numid zero is handled, the driver may spew a kernel warning with a stack trace at each call. The check was intended obviously only for a kernel driver, but not for a user interaction. Let's fix it. This was spotted by syzkaller fuzzer. Reported-by: Dmitry Vyukov Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- diff --git a/sound/core/control.c b/sound/core/control.c index 196a6fe100ca..a85d45595d02 100644 --- a/sound/core/control.c +++ b/sound/core/control.c @@ -1405,6 +1405,8 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, return -EFAULT; if (tlv.length < sizeof(unsigned int) * 2) return -EINVAL; + if (!tlv.numid) + return -EINVAL; down_read(&card->controls_rwsem); kctl = snd_ctl_find_numid(card, tlv.numid); if (kctl == NULL) {