1. Patchew
  2. linux
  3. View series

[PATCH] ASoC: rsnd: Fix potential out-of-bounds access of component_dais[]

gerben@altlinux.org posted 1 patch 6 days, 5 hours ago 
sound/soc/renesas/rcar/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] ASoC: rsnd: Fix potential out-of-bounds access of component_dais[]
Posted by gerben@altlinux.org 6 days, 5 hours ago 
From: Denis Rastyogin <gerben@altlinux.org>

component_dais[RSND_MAX_COMPONENT] is initially zero-initialized
and later populated in rsnd_dai_of_node(). However, the existing boundary check:
  if (i >= RSND_MAX_COMPONENT)

does not guarantee that the last valid element remains zero. As a result,
the loop can rely on component_dais[RSND_MAX_COMPONENT] being zero,
which may lead to an out-of-bounds access.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 547b02f74e4a ("ASoC: rsnd: enable multi Component support for Audio Graph Card/Card2")
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
---
 sound/soc/renesas/rcar/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/renesas/rcar/core.c b/sound/soc/renesas/rcar/core.c
index 69fb19964a71..2dc078358612 100644
--- a/sound/soc/renesas/rcar/core.c
+++ b/sound/soc/renesas/rcar/core.c
@@ -1974,7 +1974,7 @@ static int rsnd_probe(struct platform_device *pdev)
 	 *	asoc register
 	 */
 	ci = 0;
-	for (i = 0; priv->component_dais[i] > 0; i++) {
+	for (i = 0; i < RSND_MAX_COMPONENT && priv->component_dais[i] > 0; i++) {
 		int nr = priv->component_dais[i];
 
 		ret = devm_snd_soc_register_component(dev, &rsnd_soc_component,
-- 
2.42.2
Re: [PATCH] ASoC: rsnd: Fix potential out-of-bounds access of component_dais[]
Posted by Kuninori Morimoto 12 hours ago 
Hi

> From: Denis Rastyogin <gerben@altlinux.org>
> 
> component_dais[RSND_MAX_COMPONENT] is initially zero-initialized
> and later populated in rsnd_dai_of_node(). However, the existing boundary check:
>   if (i >= RSND_MAX_COMPONENT)
> 
> does not guarantee that the last valid element remains zero. As a result,
> the loop can rely on component_dais[RSND_MAX_COMPONENT] being zero,
> which may lead to an out-of-bounds access.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 547b02f74e4a ("ASoC: rsnd: enable multi Component support for Audio Graph Card/Card2")
> Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
> ---

Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

# I'm not sure why, but sometimes the mail is not comming to my mailbox
# even though it has To/Cc to me.
# I couldn't find it on spam folder either...
# I have noticed this patch via lore.kernel.org

Thank you for your help !!

Best regards
---
Kuninori Morimoto

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.