diff --git a/sound/pci/emu10k1/emumixer.c b/sound/pci/emu10k1/emumixer.c index 54a2034d8edd..88eab4a461bd 100644 --- a/sound/pci/emu10k1/emumixer.c +++ b/sound/pci/emu10k1/emumixer.c @@ -58,6 +58,9 @@ static int snd_emu10k1_spdif_get(struct snd_kcontrol *kcontrol, unsigned int idx = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); unsigned long flags; + /* Limit: emu->spdif_bits */ + if (idx >= 3) + return -EINVAL; spin_lock_irqsave(&emu->reg_lock, flags); ucontrol->value.iec958.status[0] = (emu->spdif_bits[idx] >> 0) & 0xff; ucontrol->value.iec958.status[1] = (emu->spdif_bits[idx] >> 8) & 0xff; @@ -272,9 +275,12 @@ static int snd_emu1010_output_source_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - int channel; + unsigned int channel; channel = (kcontrol->private_value) & 0xff; + /* Limit: emu1010_output_dst, emu->emu1010.output_source */ + if (channel >= 24) + return -EINVAL; ucontrol->value.enumerated.item[0] = emu->emu1010.output_source[channel]; return 0; } @@ -285,9 +291,12 @@ static int snd_emu1010_output_source_put(struct snd_kcontrol *kcontrol, struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); int change = 0; unsigned int val; - int channel; + unsigned int channel; channel = (kcontrol->private_value) & 0xff; + /* Limit: emu1010_output_dst, emu->emu1010.output_source */ + if (channel >= 24) + return -EINVAL; if (emu->emu1010.output_source[channel] != ucontrol->value.enumerated.item[0]) { val = emu->emu1010.output_source[channel] = ucontrol->value.enumerated.item[0]; change = 1; @@ -301,9 +310,12 @@ static int snd_emu1010_input_source_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - int channel; + unsigned int channel; channel = (kcontrol->private_value) & 0xff; + /* Limit: emu1010_input_dst, emu->emu1010.input_source */ + if (channel >= 22) + return -EINVAL; ucontrol->value.enumerated.item[0] = emu->emu1010.input_source[channel]; return 0; } @@ -314,9 +326,12 @@ static int snd_emu1010_input_source_put(struct snd_kcontrol *kcontrol, struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); int change = 0; unsigned int val; - int channel; + unsigned int channel; channel = (kcontrol->private_value) & 0xff; + /* Limit: emu1010_input_dst, emu->emu1010.input_source */ + if (channel >= 22) + return -EINVAL; if (emu->emu1010.input_source[channel] != ucontrol->value.enumerated.item[0]) { val = emu->emu1010.input_source[channel] = ucontrol->value.enumerated.item[0]; change = 1; @@ -533,6 +548,9 @@ static int snd_emu1010_internal_clock_put(struct snd_kcontrol *kcontrol, int change = 0; val = ucontrol->value.enumerated.item[0] ; + /* Limit: uinfo->value.enumerated.items = 4; */ + if (val >= 4) + return -EINVAL; change = (emu->emu1010.internal_clock != val); if (change) { emu->emu1010.internal_clock = val; @@ -669,7 +687,11 @@ static int snd_audigy_i2c_capture_source_put(struct snd_kcontrol *kcontrol, * update the capture volume from the cached value * for the particular source. */ - source_id = ucontrol->value.enumerated.item[0]; /* Use 2 and 3 */ + source_id = ucontrol->value.enumerated.item[0]; + /* Limit: uinfo->value.enumerated.items = 2; */ + /* emu->i2c_capture_volume */ + if (source_id >= 2) + return -EINVAL; change = (emu->i2c_capture_source != source_id); if (change) { snd_emu10k1_i2c_write(emu, ADC_MUX, 0); /* Mute input */ @@ -720,9 +742,13 @@ static int snd_audigy_i2c_volume_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); - int source_id; + unsigned int source_id; source_id = kcontrol->private_value; + /* Limit: emu->i2c_capture_volume */ + /* capture_source: uinfo->value.enumerated.items = 2 */ + if (source_id >= 2) + return -EINVAL; ucontrol->value.integer.value[0] = emu->i2c_capture_volume[source_id][0]; ucontrol->value.integer.value[1] = emu->i2c_capture_volume[source_id][1]; @@ -735,10 +761,14 @@ static int snd_audigy_i2c_volume_put(struct snd_kcontrol *kcontrol, struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); unsigned int ogain; unsigned int ngain; - int source_id; + unsigned int source_id; int change = 0; source_id = kcontrol->private_value; + /* Limit: emu->i2c_capture_volume */ + /* capture_source: uinfo->value.enumerated.items = 2 */ + if (source_id >= 2) + return -EINVAL; ogain = emu->i2c_capture_volume[source_id][0]; /* Left */ ngain = ucontrol->value.integer.value[0]; if (ngain > 0xff) @@ -746,7 +776,7 @@ static int snd_audigy_i2c_volume_put(struct snd_kcontrol *kcontrol, if (ogain != ngain) { if (emu->i2c_capture_source == source_id) snd_emu10k1_i2c_write(emu, ADC_ATTEN_ADCL, ((ngain) & 0xff) ); - emu->i2c_capture_volume[source_id][0] = ucontrol->value.integer.value[0]; + emu->i2c_capture_volume[source_id][0] = ngain; change = 1; } ogain = emu->i2c_capture_volume[source_id][1]; /* Right */ @@ -756,7 +786,7 @@ static int snd_audigy_i2c_volume_put(struct snd_kcontrol *kcontrol, if (ogain != ngain) { if (emu->i2c_capture_source == source_id) snd_emu10k1_i2c_write(emu, ADC_ATTEN_ADCR, ((ngain) & 0xff)); - emu->i2c_capture_volume[source_id][1] = ucontrol->value.integer.value[1]; + emu->i2c_capture_volume[source_id][1] = ngain; change = 1; } @@ -877,6 +907,9 @@ static int snd_emu10k1_spdif_put(struct snd_kcontrol *kcontrol, unsigned int val; unsigned long flags; + /* Limit: emu->spdif_bits */ + if (idx >= 3) + return -EINVAL; val = (ucontrol->value.iec958.status[0] << 0) | (ucontrol->value.iec958.status[1] << 8) | (ucontrol->value.iec958.status[2] << 16) | @@ -1050,6 +1083,7 @@ static int snd_emu10k1_send_volume_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int change = 0, idx, val; @@ -1102,6 +1136,7 @@ static int snd_emu10k1_attn_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; unsigned long flags; @@ -1119,6 +1154,7 @@ static int snd_emu10k1_attn_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int change = 0, idx, val; @@ -1171,6 +1207,7 @@ static int snd_emu10k1_efx_send_routing_get(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int idx; @@ -1190,6 +1227,7 @@ static int snd_emu10k1_efx_send_routing_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, idx, val; @@ -1241,6 +1279,7 @@ static int snd_emu10k1_efx_send_volume_get(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; int idx; @@ -1258,6 +1297,7 @@ static int snd_emu10k1_efx_send_volume_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, idx, val; @@ -1306,6 +1346,7 @@ static int snd_emu10k1_efx_attn_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[snd_ctl_get_ioffidx(kcontrol, &ucontrol->id)]; unsigned long flags; @@ -1321,6 +1362,7 @@ static int snd_emu10k1_efx_attn_put(struct snd_kcontrol *kcontrol, { unsigned long flags; struct snd_emu10k1 *emu = snd_kcontrol_chip(kcontrol); + /* FIXME: Check limits */ int ch = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id); struct snd_emu10k1_pcm_mixer *mix = &emu->efx_pcm_mixer[ch]; int change = 0, val;